4 matches found
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Summary: The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.html#login-using-sso-providers /auth/login/google?redirect for example. Details: There's a...
GHSA-FR3W-2P22-6W7P URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Summary: The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.html#login-using-sso-providers /auth/login/google?redirect for example. Details: There's a...
Fastify Cross-Site Request Forgery Vulnerability
Fastify is an OpenJS Foundation open source web framework for Node.js. A security vulnerability exists in Fastify oauth2 that stems from the use of statically generated state parameters in all user requests...
SUSE-SU-2022:1176-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Updated to version 91.8 (bsc#1197903): - CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects. - CVE-2022-28281: Fixed a memory corruption issue due to unexpected WebAuthN Extensions. - CVE-2022-1197: Fixed an issue whe...