Pocket ID 授权问题漏洞

Pocket ID is an open-source OIDC identity provider that supports no-password authentication. Versions of Pocket ID prior to 2.6.0 had an authorization vulnerability. This vulnerability stemmed from the createTokenFromRefreshToken function not revalidating the user’s current authorization status,...