Insufficient Verification of Data Authenticity
Spring Security contains an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs.