Security vulnerability details for Identity Model Extensions library Microsoft.IdentityModel.Tokens 5.1.0
Our team discovered a vulnerability in the Identity Model Extensions library Microsoft.IdentityModel.Tokens affecting version 5.1.0. This vulnerability makes a token signed with symmetric keys vulnerable to tampering. Developers using the Identity Model Extensions in their .NET Core or .NET Framework projects need to download the latest version of the Microsoft.IdentityModel.Tokens library.
If you are currently on Microsoft.IdentityModel.Tokens 5.1.0, please update to 5.1.1 or greater
Updated packages are available on NuGet.
You can read more about the issue here.