Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens.
This allows forging a valid JWT.
The issue will be patched in the upcoming 5.2.1 release.
If you have any questions or comments about this advisory: