Unknown · Light-Oauth2 · CVE-2023-31580
**Name of the Vulnerable Software and Affected Versions**
light-oauth2 versions prior to 2.1.27
**Description**
The issue allows attackers to authenticate to the application with a crafted JWT because the public key is obtained without verification.
**Recommendations**
Update to version 2.1.27 or later to resolve the issue.