blob: d1626cc52edb3b0bb8f51e0a8521024b4322df44 [file] [log] [blame]
id: GO-2021-0110
modules:
- module: github.com/ory/fosite
versions:
- fixed: 0.31.0
vulnerable_at: 0.30.6
packages:
- package: github.com/ory/fosite
symbols:
- Fosite.AuthenticateClient
derived_symbols:
- Fosite.NewAccessRequest
- Fosite.NewRevocationRequest
summary: Token reuse in github.com/ory/fosite
description: Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be replayed.
published: 2021-07-28T18:08:05Z
cves:
- CVE-2020-15222
ghsas:
- GHSA-v3q9-2p3m-7g43
references:
- fix: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
review_status: REVIEWED