Spring · Spring Security · CVE-2018-15801
**Name of the Vulnerable Software and Affected Versions**
Spring Security versions 5.1.x prior to 5.1.2
**Description**
The issue allows for an authorization bypass during JWT issuer validation. This can occur when the same private key is used for both an honest issuer and a malicious user to sign JWTs. In such a scenario, a malicious user could create signed JWTs with a malicious issuer URL, potentially allowing them to be granted access as if they were from the honest issuer.
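The following is an added illustration of the defensive check the advisory describes; it is not Spring Security's code. It uses a constructed HMAC-signed toy JWT (the real scenario involves asymmetric signatures, but the logic is identical) and an assumed trusted issuer URL, and shows why a valid signature alone is not enough: a token signed with the same key but carrying a different `iss` claim passes signature verification and is rejected only when the issuer is compared against the configured value.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed values: one shared key stands in for the shared private key in the
# advisory, and the issuer URL is an assumed placeholder.
SHARED_KEY = b"constructed-shared-signing-key"
TRUSTED_ISSUER = "https://honest.example/issuer"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT (toy stand-in for the asymmetrically signed tokens)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_signature(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the signature is valid for `key`, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    signing_input = parts[0] + "." + parts[1]
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        return None
    return json.loads(b64url_decode(parts[1]))


def accept_signature_only(token: str, key: bytes) -> bool:
    """Weak policy: trusts any token whose signature verifies under the key."""
    return verify_signature(token, key) is not None


def accept_with_issuer_check(token: str, key: bytes, expected_issuer: str) -> bool:
    """Hardened policy: signature must verify AND `iss` must equal the configured issuer."""
    claims = verify_signature(token, key)
    if claims is None:
        return False
    return claims.get("iss") == expected_issuer


if __name__ == "__main__":
    honest = sign_jwt({"iss": TRUSTED_ISSUER, "sub": "alice"}, SHARED_KEY)
    other_issuer = sign_jwt({"iss": "https://other.example/issuer", "sub": "alice"}, SHARED_KEY)
    for name, tok in (("honest", honest), ("other issuer, same key", other_issuer)):
        print(name, "signature-only:", accept_signature_only(tok, SHARED_KEY),
              "with issuer check:", accept_with_issuer_check(tok, SHARED_KEY, TRUSTED_ISSUER))
```

The issuer comparison is the control the advisory is about: the resource server must pin the issuer it trusts and reject every token whose `iss` differs, regardless of whether the signature verifies.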
**Recommendations**
For Spring Security versions 5.1.x prior to 5.1.2, update to version 5.1.2 or later to resolve the authorization bypass vulnerability.