Maven package
org.pac4j/pac4j-oidc
pkg:maven/org.pac4j/pac4j-oidc
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44878 | — | < 4.5.5 | 4.5.5 | Jan 6, 2022 | If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specificatio |
- CVE-2021-44878Jan 6, 2022affected < 4.5.5fixed 4.5.5
If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specificatio