KANIXB

1 exploit Active since Oct 2023
CVE-2023-31580 WRITEUP MEDIUM WRITEUP
light-oauth2 < 2.1.27 - Improper Certificate Validation
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.
CVSS 5.9