VYPR

Maven package

com.networknt/light-oauth2

pkg:maven/com.networknt/light-oauth2

Vulnerabilities (1)

  • CVE-2023-31580Oct 24, 2023
    affected < 2.1.27fixed 2.1.27

    light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.