CVE-2021-27884

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt