Auth0 fixes RCE flaw in JsonWebToken library used by 22000 projects