Auth0 auth0.net prior to 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
auth0 auth0.net