)]}'
{"ossa/OSSA-2020-005.yaml":[{"author":{"_account_id":5263,"name":"Jeremy Stanley","display_name":"fungi","email":"fungi@yuggoth.org","username":"fungi","status":"missing, presumed fed"},"change_message_id":"4dc7bdc98559f4c99649f0a3016b3b19413e8654","unresolved":false,"context_lines":[{"line_number":5,"context_line":"title: OAuth1 request token authorize silently ignores roles parameter"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"description: \u003e"},{"line_number":8,"context_line":"    kay reported a vulnerability in Keystone\u0027s OAuth1 Token API. Previously"},{"line_number":9,"context_line":"    the list of roles provided for an OAuth1 access token were ignored, so"},{"line_number":10,"context_line":"    when an access token was used to request a keystone token, the keystone"},{"line_number":11,"context_line":"    token would contain every role assignment the creator had for the project."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"1f493fa4_1297b592","line":8,"updated":"2020-05-06 16:10:54.000000000","message":"Previous to what? We should make sure to describe this in the present tense, with regard to what\u0027s vulnerable without this fix applied.","commit_id":"e334baddd11d006f3bd2c0ca56b969e9af5dd0db"}]}