CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests

Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

SUSE CVE-2020-6823

A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirecturi, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...

CVE-2020-6823

A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirecturi, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...

The vulnerability of the `browser identity.launchWebAuthFlow` function in Mozilla Firefox’s WebExtensions extensions allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the browser identity.launchWebAuthFlow function in Mozilla Firefox’s WebExtensions extensions is related to the improper loading of content via HTTPS. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...