@cx-anand-nandeshwar
Contributor

No description provided.

@cx-ben-alvo
Collaborator

cx-ben-alvo commented Jul 28, 2025

Checkmarx One – Scan Summary & Details: a477c928-7c8c-4859-a743-fdc84c3104e4

New Issues (2)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight

MEDIUM | CVE-2025-48924 | Maven-org.apache.commons:commons-lang3-3.14.0
Recommended version: 3.18.0
Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu...
Attack Vector: NETWORK
Attack Complexity: LOW
Exploitable Path: getClass@.../ast/predicate/Predicate.java - ... - getClass@...commons/lang3/ClassUtils.java
ID: gGhlRZGNBekZxcPDGW6KLWfefaICmKHIWybnBqMIdv0%3D
Vulnerable Package

MEDIUM | CVE-2025-53864 | Maven-com.google.code.gson:gson-2.10.1
Recommended version: 2.12.0
Description: Connect2id Nimbus JOSE + JWT allows a remote attacker to cause a Denial-of-Service (DoS) via a deeply nested JSON object supplied in a JWT claim se...
Attack Vector: NETWORK
Attack Complexity: LOW
ID: Y%2BYYXA291qZBZlR%2BEKr0LjW0tOs7pfeNVt%2FAkBx%2FnDY%3D
Vulnerable Package

@cx-anand-nandeshwar changed the title from "Cx client id support ast 105859" to "Dynamic client id support for refresh token grant (AST-105859)" on Jul 28, 2025
@cx-atish-jadhav merged commit 1eb3c6d into main on Jul 28, 2025
7 of 8 checks passed