19 matches found

Github Security Blog
added 2026/05/27 9:11 p.m., 14 views

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds the service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trustedhosts setting is not configured (the default). An attacker who controls any other application registered with the same CAS server...

AI score 5.8, EPSS 0.00064
Exploits 0, References 6, Affected Software 2
OSV
added 2026/05/27 9:11 p.m., 4 views

GHSA-J8GJ-9RM5-4XHX Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds the service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trustedhosts setting is not configured (the default). An attacker who controls any other application registered with the same CAS server...

CVSS 8.7, AI score 5.8, EPSS 0.00064
Exploits 0, References 6
Snyk
added 2026/04/22 5:06 p.m., 3 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication due to the SkipClientIDCheck configuration in the OIDC authentication provider, which disables audience claim validation. An attacker can gain unauthorized access by presenting a token issued for a different...

CVSS 9.2, AI score 5.5, EPSS 0.00255
Exploits 0, References 2
OSV
added 2026/04/14 11:14 p.m., 3 views

GHSA-FHVP-9HCJ-6M33 Oxia has an OIDC token audience validation bypass via SkipClientIDCheck

Summary: The OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelated services by the same OIDC issuer to be accepted by Oxia...

CVSS 9.3, AI score 5.8, EPSS 0.00255
Exploits 0, References 3
RedhatCVE
added 2025/10/23 8:16 p.m., 12 views

CVE-2025-62610

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono's JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy / token-mix-up issues: an API may accept a valid...

CVSS 8.1, AI score 6.7, EPSS 0.00312
Exploits 1, References 1
NVD
added 2025/10/22 8:15 p.m., 3 views

CVE-2025-62610

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono's JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy / token-mix-up issues: an API may accept a valid...

CVSS 8.1, EPSS 0.00312
Exploits 1, References 2
Vulnrichment
added 2025/10/22 7:24 p.m., 6 views

CVE-2025-62610 Hono Improperly Authorizes JWT Audience Validation

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono's JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy / token-mix-up issues: an API may accept a valid...

CVSS 8.1, AI score 6.3, EPSS 0.00312
Exploits 1, References 2
CVE
added 2025/10/22 7:24 p.m., 18 views

CVE-2025-62610

Hono's JWT Auth Middleware (versions 1.1.0 up to before 4.10.2) did not validate the aud (Audience) claim, potentially allowing tokens intended for other audiences to access a service. The issue is documented across multiple sources and is resolved by upgrading to version 4.10.2 or later. Affecte...

CVSS 8.1, AI score 6.3, EPSS 0.00312
Exploits 1, References 2, Affected Software 1
OSV
added 2025/10/22 7:24 p.m., 4 views

CVE-2025-62610 Hono Improperly Authorizes JWT Audience Validation

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono's JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy / token-mix-up issues: an API may accept a valid...

CVSS 8.1, AI score 6.7, EPSS 0.00312
Exploits 1, References 4
OSV
added 2025/10/22 3:21 p.m., 3 views

GHSA-M732-5P4W-X69G Hono Improper Authorization vulnerability

Improper Authorization in Hono JWT Audience Validation: Hono's JWT authentication middleware did not validate the aud (Audience) claim by default. As a result, applications using the middleware without an explicit audience check could accept tokens intended for other audiences, leading to potential...

CVSS 8.1, AI score 5.9, EPSS 0.00312
Exploits 1, References 4
Positive Technologies
added 2025/10/22 12:00 a.m., 6 views

PT-2025-43405

Name of the Vulnerable Software and Affected Versions: Hono versions 1.1.0 through 4.10.1. Description: Hono's JWT authentication middleware lacked built-in verification of the aud (Audience) claim. This could lead to confused-deputy or token-mix-up issues, where an API might accept a valid token...

CVSS 8.1, AI score 5.4, EPSS 0.00312
Exploits 1, References 16
CNNVD
added 2025/10/22 12:00 a.m., 4 views

Hono Authorization Issue Vulnerability

Hono is a web framework written in TypeScript from the Hono community. An authorization issue vulnerability exists in Hono versions from 1.1.0 up to, but not including, 4.10.2. It stems from the lack of a built-in audience validation option in the JWT Auth Middleware and could lead to token mix-up and...

CVSS 8.1, AI score 6.3, EPSS 0.00312
Exploits 1, References 3
Packet Storm News
added 2025/09/10 12:00 a.m., 6 views

Cross-Service Token: Finding Attacks in 5G Core Networks

5G marks a major departure from previous cellular architectures by transitioning from a monolithic core network design to a Service-Based Architecture (SBA), where services are modularized as Network Functions (NFs) that communicate with each other via standard-defined HTTP-based APIs called...

AI score 6.9
Exploits 0
Qualys Blog
added 2025/07/24 6:36 p.m., 7 views

Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks

Gartner predicts that worldwide end-user spending on public cloud services will exceed $720 billion in 2025, up from $595.7 billion in 2024. As cloud investments grow, so does reliance on cloud-native architectures, introducing new layers of complexity and risk. One often-overlooked but serious...

AI score 7.1
Exploits 0
The Hacker News
added 2025/05/20 12:42 p.m., 40 views

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often...

AI score 7.9
Exploits 0
Kitploit
added 2022/03/29 11:30 a.m., 43 views

Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose

Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage as a command-line tool: $ socid-extractor --url https://www.deviantart.com/muse1908 (example output: country: France, created_at: 2005-06-16 18:17:41, gender: female, username: Muse1908, website:...)

AI score 7.5
Exploits 0, References 9
RedHat Linux
added 2020/04/28 3:46 p.m., 4 views

systemd: services with DynamicUser can get new privileges and create SGID binaries

It was discovered that a systemd service that uses the DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service's transient group with the setgid bit set. A local attacker may use this flaw to...

CVSS 7.8, AI score 5.9, EPSS 0.00888
Exploits 2, References 4
Friends Of PHP
added 1970/01/01 12:00 a.m., 4 views

CVE-2026-45074: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

More info at https://symfony.com/cve-2026-45074...

AI score 5.8, EPSS 0.00064
Exploits 0, Affected Software 1