Code Review 03
This exercise is one of our challenges to help you learn how to review real source code
In this challenge, participants are tasked with reviewing the source code of a JSON Web Token (JWT) verifier that supports the JSON Key URL (jku). The main focus of the challenge is to identify a logic bug within the verifier, rather than exploiting common vulnerabilities like bypassing the signature mechanism.
You will be provided with full control over the token and its attributes, and your objective is to pinpoint the exact location of the vulnerability in the code. By carefully analyzing the source code, you will need to submit the specific file path and line number where the weakness is found. This exercise underlines the importance of thorough code review in identifying potential security flaws that may have significant impacts.