Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that ...
May 01, 2023
Strapi 3.2.1 until 4.6.0 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token ...
May 01, 2023
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-cb20f08a4e advisory. - A maliciously crafted HTTP/2 stream could cause excessiv ...
May 01, 2023
A library for performing OAuth Device flow and Web application flow in Go client apps. ...
May 01, 2023
Cybersecurity researchers have disclosed details of a n ...
May 01, 2023
@strapi/plugin-users-permissions is vulnerable to Authentication Bypass. When using the `AWS Cognito` login provider for authentication, the library doesn't check access or ID tokens generated through ...
May 01, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
March 27, 2023