[HIGH] Vulnerability to bypass two-factor authentication with unverified JWT trusted device token

PKSA-wk7g-q55p-55xx GHSA-9phw-7h96-q3rv

Affected package: scheb/two-factor-bundle

Affected version: >=3.0.0,<3.7.0

Reported by:
GitHub, FriendsOfPHP/security-advisories