CVE-2023-31580
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-31580
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31580.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-31580
- Aliases
- Published
- 2023-10-25T18:17:27Z
- Modified
- 2024-05-14T12:54:37.251439Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.
- References
Affected packages
Git / github.com/networknt/light-oauth2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/networknt/light-oauth2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.2
1.*
1.0.0
1.2.4
1.3.1
1.3.4
1.4.0
1.4.1
1.4.2
1.4.3
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.20
1.5.21
1.5.22
1.5.23
1.5.24
1.5.25
1.5.27
1.5.28
1.5.29
1.5.30
1.5.31
1.5.32
1.5.34
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.2
1.6.4
2.*
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.2
2.1.20
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9