express-jwt is a JWT authentication middleware.
Affected versions of this package are vulnerable to Authorization Bypass. The
algorithms entry to be specified in the configuration is not being enforced. When
algorithms is not specified in the configuration, with the combination of
jwks-rsa, it may lead to authorization bypass.
express-jwt to version 6.0.0 or higher.