Affected versions of this package are vulnerable to Improper Authentication such that the lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification.
Ref: https://security.snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022
Introduced through: twilio@3.84.1 › jsonwebtoken@8.5.1
Affected versions of this package are vulnerable to Improper Authentication such that the lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Ref: https://security.snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022