CVE-2021-32701
ORY Oathkeeper’s CVE-2021-32701 describes an issue in the oauth2_introspection cache where a second request for a different scope (bar) could be treated as valid even if the new scope wasn’t granted, due to the cache not validating scopes beyond expiration. The root cause is that tokenFromCache i...