1. PyJWT Backend Authentication Flaw Allows Issuer Validation Bypass Through Prefix Matching
A medium-severity vulnerability in a chat application backend exposes its authentication layer to issuer validation bypass. The PyJWT token verification in `src/chat-app/backend/app/security.py` (lines 81–93) explicitly disables the library's built-in `iss` claim verification by passing `options={"verify_iss": False}` ...
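An added illustration, not the application's code (the excerpt does not show it): assuming the manual issuer check that replaces the library's is a `startswith()` comparison, as the title's "prefix matching" suggests, this contrasts it with an exact allowlist match over constructed claims. `TRUSTED_ISSUER`, the function names and every sample value are hypothetical.

```python
# Added example. Claims stand in for what jwt.decode() returns when
# options={"verify_iss": False} is set; all values are constructed.

TRUSTED_ISSUER = "https://login.example.com"      # hypothetical trusted issuer
ALLOWED_ISSUERS = frozenset({TRUSTED_ISSUER})     # exact-match allowlist


def issuer_ok_prefix(claims: dict) -> bool:
    """Weak pattern (assumed): accept any iss that starts with the trusted value."""
    return str(claims.get("iss", "")).startswith(TRUSTED_ISSUER)


def issuer_ok_exact(claims: dict) -> bool:
    """Hardened: iss must be a string equal to an allowlisted issuer."""
    iss = claims.get("iss")
    return isinstance(iss, str) and iss in ALLOWED_ISSUERS


def disagreements(claims_list):
    """Issuers the prefix check accepts but the exact check rejects."""
    return [
        c.get("iss")
        for c in claims_list
        if issuer_ok_prefix(c) and not issuer_ok_exact(c)
    ]


# Constructed sample claims for a regression test of the issuer check.
SAMPLE_CLAIMS = [
    {"iss": "https://login.example.com", "sub": "alice"},                # trusted
    {"iss": "https://login.example.com.attacker.test", "sub": "x"},      # longer host
    {"iss": "https://login.example.com/other-tenant", "sub": "y"},       # extra path
    {"iss": ["https://login.example.com"], "sub": "z"},                  # wrong type
    {"sub": "no-issuer"},                                                # iss missing
]

if __name__ == "__main__":
    for claims in SAMPLE_CLAIMS:
        print(claims.get("iss"), issuer_ok_prefix(claims), issuer_ok_exact(claims))
    print("accepted only by prefix check:", disagreements(SAMPLE_CLAIMS))
```

With PyJWT, leaving `verify_iss` enabled and passing the expected value through the `issuer=` argument of `jwt.decode()` makes the library perform this comparison, so no manual check is needed.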