Bug
Resolution: Done
Major
In JwtValidator.resolvePublicKey, the Validator checks the jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address. This can cause an SSRF vulnerability.
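
One way to add the missing destination check before the key is fetched, as an added example that is not the project's own code or its actual fix. The class name JkuAllowlist, its check method and the host keys.example.com are hypothetical, and the sample jku values are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;
public class JkuAllowlist {
    // Hypothetical allowlist of lowercase hosts trusted to serve JWKS documents.
    private final Set<String> allowedHosts;
    public JkuAllowlist(Set<String> allowedHosts) { this.allowedHosts = Set.copyOf(allowedHosts); }
    // Returns the parsed URI if the jku may be fetched; throws otherwise.
    public URI check(String jku) {
        URI uri;
        try {
            uri = new URI(jku).normalize();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("not a valid URI", e);
        }
        if (!"https".equalsIgnoreCase(uri.getScheme()))
            throw new IllegalArgumentException("scheme must be https");
        // getHost() is null for opaque or registry-based authorities; userinfo
        // ("trusted-host@other-host") is rejected to avoid host confusion.
        String host = uri.getHost();
        if (host == null || uri.getRawUserInfo() != null)
            throw new IllegalArgumentException("no plain host");
        if (uri.getPort() != -1 && uri.getPort() != 443)
            throw new IllegalArgumentException("port not allowed");
        // Exact, case-insensitive match; no suffix or substring comparison.
        if (!allowedHosts.contains(host.toLowerCase(Locale.ROOT)))
            throw new IllegalArgumentException("host not on allowlist");
        return uri;
    }
    public static void main(String[] args) {
        JkuAllowlist policy = new JkuAllowlist(Set.of("keys.example.com"));
        // Constructed sample jku values, not taken from the report.
        List<String> samples = List.of(
                "https://keys.example.com/jwks.json",
                "http://keys.example.com/jwks.json",
                "https://keys.example.com@internal.example/jwks.json",
                "https://keys.example.com.other.example/jwks.json",
                "https://127.0.0.1:8443/jwks.json");
        for (String jku : samples) {
            try {
                System.out.println("fetch  " + policy.check(jku));
            } catch (IllegalArgumentException e) {
                System.out.println("reject " + jku + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample passes. The HTTP client that performs the fetch should also not follow redirects unless each redirect target is run through the same check.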