light-oauth2 before version 2.1.27... CVE-2023-31580

- AV AC AU C I A
发布: 2023-10-25
修订: 2023-10-31

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有1条受影响产品信息