python-jwt is vulnerable to authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key, and can thereby spoof other users’ identities and hijack their sessions. The flaw is in the verify_jwt function of __init__.py.