CVE-2023-31580
CVE-2023-31580 affects light-oauth2 (before version 2.1.27). The root cause is that the library obtains the public key without verification, enabling a crafted JWT to authenticate to the application. Impact is authentication bypass for systems relying on this key verification. Remediation per ava...