Maven package
com.networknt/light-oauth2
pkg:maven/com.networknt/light-oauth2
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-31580 | — | < 2.1.27 | 2.1.27 | Oct 24, 2023 | light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token. |
- CVE-2023-31580Oct 24, 2023affected < 2.1.27fixed 2.1.27
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.