data/reports/GO-2021-0110.yaml - vulndb - Git at Google

 modules:
   - module: github.com/ory/fosite
     versions:
       - fixed: 0.31.0
     vulnerable_at: 0.30.6
     packages:
       - package: github.com/ory/fosite
         symbols:
           - Fosite.AuthenticateClient
         derived_symbols:
           - Fosite.NewAccessRequest
           - Fosite.NewRevocationRequest
 description: |
     Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
     replayed.
 published: 2021-07-28T18:08:05Z
 cves:
   - CVE-2020-15222
 ghsas:
   - GHSA-v3q9-2p3m-7g43
 references:
   - fix: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
	modules:
	- module: github.com/ory/fosite
	versions:
	- fixed: 0.31.0
	vulnerable_at: 0.30.6
	packages:
	- package: github.com/ory/fosite
	symbols:
	- Fosite.AuthenticateClient
	derived_symbols:
	- Fosite.NewAccessRequest
	- Fosite.NewRevocationRequest
	description: \|
	Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be
	replayed.
	published: 2021-07-28T18:08:05Z
	cves:
	- CVE-2020-15222
	ghsas:
	- GHSA-v3q9-2p3m-7g43
	references:
	- fix: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9