1. Expensetracker-1 Authentication Bypass Risk Traced to Vulnerable jjwt 0.9.1 Library
A high-severity authentication bypass vulnerability has been identified in expensetracker-1, stemming from the application's use of the jjwt (Java JWT) library at version 0.9.1. The vulnerability, tracked as CVE-2022-21449, allows attackers to forge valid JWT tokens with empty signatures, effectively bypassing authenti...