Identifier

CVE-2020-15222

Package Slug

go/github.com/ory/fosite/

Vulnerability

Improper Authentication

Description

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go), when using private_key_jwt authentication the uniqueness of the jti value is not checked.

Affected Versions

All versions before 0.31.0

Solution

Upgrade to version 0.31.0 or above.

Last Modified

2020-10-06

source