The host is installed with jsonwebtoken through 8.5.1 and is prone to an improper input validation vulnerability. A flaw is present in the application, which fails to properly handle key retrieval parameter of jwt.verify(). Successful exploitation could allow attackers to cause arbitrary code execution.