2 matches found
CVE-2026-40942
The DSF vulnerability CVE-2026-40942 affects the OIDC JWKS and Metadata Document caches (and the OIDC token cache for FHIR client connections) prior to version 2.1.0, where an inverted time comparison (isBefore vs isAfter) caused the cache to never return cached values and never invalidate, resul...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...