QID 995763
Date Published: 2023-10-30
QID 995763: Java (Maven) Security Update for com.networknt:light-oauth2 (GHSA-mx47-h5fv-ghwh)
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-mx47-h5fv-ghwh for updates and patch information.
Vendor References
- GHSA-mx47-h5fv-ghwh -
github.com/advisories/GHSA-mx47-h5fv-ghwh
CVEs related to QID 995763
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-mx47-h5fv-ghwh | com.networknt:light-oauth2 |
|