| id: GO-2021-0110 |
| modules: |
| - module: github.com/ory/fosite |
| versions: |
| - fixed: 0.31.0 |
| vulnerable_at: 0.30.6 |
| packages: |
| - package: github.com/ory/fosite |
| symbols: |
| - Fosite.AuthenticateClient |
| derived_symbols: |
| - Fosite.NewAccessRequest |
| - Fosite.NewRevocationRequest |
| summary: Token reuse in github.com/ory/fosite |
| description: Uniqueness of JWT IDs (jti) are not checked, allowing the JWT to be replayed. |
| published: 2021-07-28T18:08:05Z |
| cves: |
| - CVE-2020-15222 |
| ghsas: |
| - GHSA-v3q9-2p3m-7g43 |
| references: |
| - fix: https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9 |
| review_status: REVIEWED |