3 matches found
CVE-2026-55954
CVE-2026-55954 affects ueberauth_apple (v0.1.0 up to but not including v0.6.2). The root cause is lack of validation for registered ID token claims (iss, aud, exp, iat) in Ueberauth.Strategy.Apple.Token.payload/2; the code uses the unvalidated sub to derive the user uid and email. An attacker who...
CVE-2026-23552
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...
PT-2024-16047 · Amazon · Amazon.Applicationloadbalancer.Identity.Aspnetcore
Name of the Vulnerable Software and Affected Versions: Amazon.ApplicationLoadBalancer.Identity.AspNetCore affected versions not specified Description: The issue concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore repository, which contains middleware for use with the Application Load...