Need detail

Security review: JWT token parsing without verification

Review the following code snippet for security vulnerabilities and suggest fixes. Code: ``` // Token decode function import jwt from 'jsonwebtoken'; function getUserFromToken(token: string) { try { // Decode without verifying signature for performance const payload = jwt.decode(token); return payload as { userId: string; role: string }; } catch (e) { return null; } } ``` Focus areas: JWT decode without verify bypasses signature validation entirely -- critical auth bypass Deliverable: 1. List each vulnerability found with severity (Critical/High/Medium/Low) 2. Explain the attack vector for each vulnerability 3. Provide a corrected code snippet with the fixes applied 4. Rate the overall security posture of the code (1-10) Format: Markdown with numbered vulnerability sections.