PT-2023-18757 · Amazon · AWS Cognito
Name of the Vulnerable Software and Affected Versions: Strapi versions 3.2.1 through 4.5.5

Description: The issue arises from the lack of verification of access or ID tokens issued during the OAuth flow when using the AWS Cognito login provider for authentication. This allows a remote attacker to...