Tag
SciTokens versions prior to 1.9.6 incorrectly validate scope paths using a prefix match, leading to an authorization bypass vulnerability where a token with access to a specific path can access sibling paths with the same prefix.