[HIGH] SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering

PKSA-njxg-bvx9-65t2 CVE-2026-33204 GHSA-xw36-67f8-339x

Affected package: kelvinmo/simplejwt

Affected version: <=1.1.0

Reported by:
GitHub