In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery (CSRF) attacks where a resour ...
Continue Reading
May 23, 2025
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly tr ...
Continue Reading
May 23, 2025
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application...Read More ...
Continue Reading
May 23, 2025
In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing t ...
Continue Reading
May 23, 2025
Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user& ...
Continue Reading
May 23, 2025
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly tr ...
Continue Reading
May 23, 2025
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability c ...
Continue Reading
May 23, 2025
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly tr ...
Continue Reading
May 23, 2025
Back to Main
