9 matches found
EUVD-2023-2786
Malicious code in bioql PyPI...
CVE-2023-31580
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...
GHSA-MX47-H5FV-GHWH light-oauth2 missing public key verification
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...
light-oauth2 missing public key verification
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...
CVE-2023-31580
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...
Design/Logic Flaw
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...
light-oauth2 Trust Management Issue Vulnerability
light-oauth2 is an open-source, fast, lightweight, cloud-native OAuth 2.0 authorization microservice from networknt, based on light-4j. Versions of light-oauth2 before 2.1.27 contain a security vulnerability that stems from obtaining the public key without any validation, allowing an...
CVE-2023-31580
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...
CVE-2023-31580
CVE-2023-31580 affects light-oauth2 (before version 2.1.27). The root cause is that the library obtains the public key without verification, enabling a crafted JWT to authenticate to the application. Impact is authentication bypass for systems relying on this key verification. Remediation per ava...