CVE-2018-15801: Insufficient Verification of Data Authenticity
(updated )
Spring Security contains an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs.
References
Detect and mitigate CVE-2018-15801 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →