Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/06 5:59 p.m.20 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the redirecturi parameter in multiple endpoints ForgotPassword, MagicLinkLogin, Signup, InviteMembers, OAuthLoginHandler, VerifyEmailHandler which is not validated against AllowedOrigins. An attacker can obtain...

8.6CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/06 5:59 p.m.10 views

Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri

Hi, I found that 6 endpoints in Authorizer accept a user-controlled redirecturi and append sensitive tokens to it without validating the URL against AllowedOrigins. The OAuth /app handler validates redirecturi at httphandlers/app.go:46, but the GraphQL mutations and verifyemail handler skip...

6AI score
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/14 12:10 p.m.7 views

CVE-2025-25202

Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...

6.5CVSS6.9AI score0.00301EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/02/11 6:12 p.m.12 views

Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`

Impact Applications which have been bootstrapped by the new igniter installer since AshAuthentication v4.1.0 and who have used the magic link strategy, password resets, confirmation, or are manually revoking tokens are affected by revoked tokens being allowed to verify as valid. If you did not us...

6.5CVSS6.5AI score0.00301EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder