Detected the decoding of a JWT token without a verify step. JWT tokens must be verified before use, otherwise the token’s integrity is unknown. This means a malicious actor could forge a JWT token with any claims. Call ‘.verify()’ before using the token.

Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-345: Insufficient Verification of Data Authenticity
OWASP:
- A08:2021 - Software and Data Integrity Failures