Critical security issues: exposed JWT secret and vulnerable MongoDB #2092
Description
This repository another serious security issues:
Hardcoded JWT secret
The file contains a public JWT_SECRET.
Anyone can use this value to forge valid authentication tokens and impersonate users.
Once a JWT secret is committed to a public repo, it must be considered permanently compromised and rotated 🦊