openid-connect-server allows mass parameter assignment. The vulnerability allows an attacker to overwrite specific parameters with arbitrary values, which could lead to authorization bypass or other unexpected application behavior.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | openid connect server library | le | 1.3.3 |