Lucene search
GoogleOSV:GHSA-MMHR-3JR7-QJ2PHistoryMay 14, 2022 - 2:01 a.m.
Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery
2022-05-1402:01:18
Google
osv.dev
4
0.001 Low
EPSS
Percentile
31.7%
An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Related
cve
cve
CVE-2018-15121
2018-08-29 03:29:00
nvd
nvd
CVE-2018-15121
2018-08-29 03:29:00
prion
prion
Cross site request forgery (csrf)
2018-08-29 03:29:00
github
github
Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery
2022-05-14 02:01:18
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-12-06 05:58:22
cvelist
cvelist
CVE-2018-15121
2018-08-29 03:00:00
gitlab
gitlab
Cross-Site Request Forgery (CSRF)
2022-05-14 00:00:00