HomeNewsSecurityAuth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects Update 1/31/23: Auth0 has withdrawn their security advisory on the JsonWebToken poisoning attack disclosed by Palo Alto Networks earlier this month. "After review and validation of community feedback regarding the viability of exploitation, it was determined that due to the multiple prerequisites required for succ