EPSS percentile: 48.2%
github.com/ory/oathkeeper uses insecure token validation: once a token is in the cache, token claim validation is bypassed. The vulnerability exists only when caching is not disabled.
github.com/ory/oathkeeper/commit/1f9f625c1a49e134ae2299ee95b8cf158feec932
github.com/ory/oathkeeper/pull/424
github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr
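The bug class described above, as an added example that is not oathkeeper's code: a token cache that skips the claim check on a hit, beside a version that uses the cache only to avoid the lookup. All type and function names, the sample token, and the choice of a required scope as the claim being checked are assumptions made for illustration.

```go
package main

import "fmt"

// Claims is a constructed stand-in for the claims of a validated token.
type Claims struct{ Scopes map[string]bool }

// Authenticator is hypothetical: it caches lookup results by raw token.
type Authenticator struct {
	cache  map[string]Claims
	lookup func(token string) Claims // stands in for the remote token check
}

// VulnerableAuthorize validates the claim only on a cache miss.
func (a *Authenticator) VulnerableAuthorize(token, required string) bool {
	if _, hit := a.cache[token]; hit {
		return true // cache hit: this request's required claim is never compared
	}
	c := a.lookup(token)
	if c.Scopes[required] {
		a.cache[token] = c
	}
	return c.Scopes[required]
}

// FixedAuthorize uses the cache only to skip the lookup; the claim check
// runs on every request, hit or miss.
func (a *Authenticator) FixedAuthorize(token, required string) bool {
	c, hit := a.cache[token]
	if !hit {
		c = a.lookup(token)
		a.cache[token] = c
	}
	return c.Scopes[required]
}

// NewDemo builds an authenticator over constructed sample data:
// one token, "tok-A", that carries only the "read" scope.
func NewDemo() *Authenticator {
	tokens := map[string]Claims{"tok-A": {Scopes: map[string]bool{"read": true}}}
	return &Authenticator{cache: map[string]Claims{}, lookup: func(t string) Claims { return tokens[t] }}
}

func main() {
	v, f := NewDemo(), NewDemo()
	fmt.Println(v.VulnerableAuthorize("tok-A", "read"), v.VulnerableAuthorize("tok-A", "admin"))
	fmt.Println(f.FixedAuthorize("tok-A", "read"), f.FixedAuthorize("tok-A", "admin"))
}
```

A regression test for this class of bug warms the cache with a request the token satisfies, then asserts that a second request requiring a claim the token lacks is still rejected.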