CVE-2023-31580

Published October 25th, 2023

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

N/A

Affected

PROJECTS

Description

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.

networknt/light-oauth2UNAVAILABLE

A fast, light and cloud native OAuth 2.0 authorization microservices based on light-4j

GitHub

314

KANIXB/JWTIssues

This repository contains some cryptographic issues in the libraries used for JWT.

GitHub