It has been 376 days since the last alg:none JWT vulnerability.
An unauthenticated attacker could impersonate any user in SharePoint 2019 by using an alg:none JWT for OAuth authentication.
An unauthenticated attacker could impersonate any user in SharePoint 2019 by using an alg:none JWT for OAuth authentication.