Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.micronaut.security/micronaut-security-oauth2@3.11.0
Typemaven
Namespaceio.micronaut.security
Namemicronaut-security-oauth2
Version3.11.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.11.1
Latest_non_vulnerable_version3.11.1
Affected_by_vulnerabilities
0
url VCID-dctr-btd2-b7az
vulnerability_id VCID-dctr-btd2-b7az
summary 
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud
IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider.
references
0
reference_url https://github.com/micronaut-projects/micronaut-security/commit/9728b925221a0d87798ccf250657a3c214b7e980
reference_id
reference_type
scores
url https://github.com/micronaut-projects/micronaut-security/commit/9728b925221a0d87798ccf250657a3c214b7e980
1
reference_url https://github.com/advisories/GHSA-qw22-8w9r-864h
reference_id GHSA-qw22-8w9r-864h
reference_type
scores
url https://github.com/advisories/GHSA-qw22-8w9r-864h
2
reference_url https://github.com/micronaut-projects/micronaut-security/security/advisories/GHSA-qw22-8w9r-864h
reference_id GHSA-qw22-8w9r-864h
reference_type
scores
url https://github.com/micronaut-projects/micronaut-security/security/advisories/GHSA-qw22-8w9r-864h
fixed_packages
0
url pkg:maven/io.micronaut.security/micronaut-security-oauth2@3.11.1
purl pkg:maven/io.micronaut.security/micronaut-security-oauth2@3.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut.security/micronaut-security-oauth2@3.11.1
aliases CVE-2023-36820, GHSA-qw22-8w9r-864h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dctr-btd2-b7az
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut.security/micronaut-security-oauth2@3.11.0