We use the Auth0.OidcClient.WinForms NuGet package in our software.
Mend (WhiteSource) open source scans detected some transitive dependencies coming from the Auth0.OidcClient.Core assembly containing known medium vulnerabilities.
The affected packages are the last two in the list below:
Auth0.OidcClient.Core → Microsoft.IdentityModel.Protocols.OpenIdConnect (6.12.2) → System.IdentityModel.Tokens.Jwt (6.12.2) → Microsoft.IdentityModel.JsonWebTokens (6.12.2)
Please let us know if there are plans to resolve the issue?
Thanks