JWT/JWS is decoded but not verified in the same flow phase
|
Critical |
Step |
Authentication & Authorisation |
CWE-347
|
Request content is stringified
|
Critical |
Step |
Data Validation
DoS Protection |
CWE-20
|
Sensitive information is in the source code
|
Critical |
Step |
Data at Rest |
CWE-256
CWE-312
|