3 matches found
CVE-2024-42475
In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...
CVE-2024-42475
The CVE describes the nim OAuth library prior to 0.11 having insecure generateState entropy in the state values, enabling potential CSRF with a user. The root cause is that generateState did not use a cryptographically secure generator, producing insufficient entropy (less than 128 bits). Version...
jose Security Vulnerabilities
jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in latchset jose 11 and earlier versions that could allow an attacker to cause a denial of service via a large p2c value...