EUVD-2024-3141
Malicious code in bioql PyPI...
CVE-2024-49755
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local API endpoints even...
CVE-2024-39694
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious URLs that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a URL is returned as a redirect, some browsers will follow it t...
CVE-2024-39694
Duende.IdentityServer (OpenID Connect/OAuth 2.x framework for ASP.NET Core) is affected by CVE-2024-39694, an Open Redirect vulnerability. The issue arises when GetAuthorizationContextAsync and IsValidReturnUrl may return non-null or true for malicious URLs, allowing a redirect to an untrusted si...
CVE-2024-39694 Duende IdentityServer Open Redirect vulnerability
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious URLs that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a URL is returned as a redirect, some browsers will follow it t...