spring-security-oauth2-jose is vulnerable to authorization bypass attacks. The vulnerability exists during JWT issuer validation, and is only affected if the same private key for the issuer and the attacker are used when signing JWTs.
CPE | Name | Operator | Version |
---|---|---|---|
spring-security-oauth2-jose | le | 5.1.1.RELEASE | |
spring-security-oauth2-jose | le | 5.1.1.RELEASE |