data/reports/GO-2021-0110.yaml - vulndb - Git at Google

 id: GO-2021-0110
 modules:
     - module: github.com/ory/fosite
       versions:
         - fixed: 0.31.0
       vulnerable_at: 0.30.6
       packages:
         - package: github.com/ory/fosite
           symbols:
             - Fosite.AuthenticateClient
           derived_symbols:
             - Fosite.NewAccessRequest
             - Fosite.NewRevocationRequest
 summary: Token reuse in github.com/ory/fosite
 description: Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be replayed.
 published: 2021-07-28T18:08:05Z
 cves:
     - CVE-2020-15222
 ghsas:
     - GHSA-v3q9-2p3m-7g43
 references:
     - fix: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9
	id: GO-2021-0110
	modules:
	- module: github.com/ory/fosite
	versions:
	- fixed: 0.31.0
	vulnerable_at: 0.30.6
	packages:
	- package: github.com/ory/fosite
	symbols:
	- Fosite.AuthenticateClient
	derived_symbols:
	- Fosite.NewAccessRequest
	- Fosite.NewRevocationRequest
	summary: Token reuse in github.com/ory/fosite
	description: Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be replayed.
	published: 2021-07-28T18:08:05Z
	cves:
	- CVE-2020-15222
	ghsas:
	- GHSA-v3q9-2p3m-7g43
	references:
	- fix: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9