[HIGH] league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase

PKSA-pc52-dbxt-c1w6 CVE-2023-37260 GHSA-wj7q-gjg8-3cpm

Affected version: >=8.5.0,<8.5.3|>=8.3.2,<8.4.2

Reported by:
GitHub