Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication.
{ "github_reviewed_at": "2024-05-21T18:16:24Z", "cwe_ids": [ "CWE-287" ], "nvd_published_at": null, "severity": "HIGH", "github_reviewed": true }