Security vulnerabilities

We use the Auth0.OidcClient.WinForms NuGet package in our software.

Mend (WhiteSource) open source scans detected some transitive dependencies coming from the Auth0.OidcClient.Core assembly containing known medium vulnerabilities.

The affected packages are the last two in the list below:

Auth0.OidcClient.Core → Microsoft.IdentityModel.Protocols.OpenIdConnect (6.12.2) → System.IdentityModel.Tokens.Jwt (6.12.2) → Microsoft.IdentityModel.JsonWebTokens (6.12.2)

Please let us know if there are plans to resolve the issue.
Thanks

Hey there @mitrovic, welcome to the community!

Thanks for bringing this to our attention! I recommend opening up an issue against the SDK itself as the maintainers will have a better idea as to when this might be resolved.