WildFly Elytron: SSRF security issue
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no allow list or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.