12 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-0792

Malware in sbrugna...

CVSS 8.2 | AI score 8.2 | EPSS 0.00267
Exploits: 1 | References: 5
Github Security Blog
added 2021/04/13 3:22 p.m. | 64 views

Improper Authentication in react-adal

This affects versions of react-adal 0.5.1. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by h...

CVSS 8.2 | AI score 7.6 | EPSS 0.00267
Exploits: 1 | References: 5 | Affected Software: 1
vulnersOsv
added 2021/04/13 3:22 p.m. | 1 views

@joshmccall/atomic-stories (>=0.0.0-semantically-released <=1.9.5), abmcontent (=0.1.0) +3 more potentially affected by CVE-2020-7787 via react-adal (>=0.3.15 <=0.4.24)

react-adal NPM version =0.3.15, =0.0.0-semantically-released, =0.1.0, =0.1.3 - widgettestcomponent =0.1.0 Source cves: CVE-2020-7787 Source advisory: OSV:GHSA-7MPX-VG3C-CMR4...

CVSS 8.2 | AI score 7.2 | EPSS 0.00267
Exploits: 1
OSV
added 2021/04/13 3:22 p.m. | 16 views

GHSA-7MPX-VG3C-CMR4 Improper Authentication in react-adal

This affects versions of react-adal 0.5.1. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by h...

CVSS 8.2 | AI score 7.9 | EPSS 0.00267
Exploits: 1 | References: 4
Veracode
added 2020/12/10 6:23 a.m. | 18 views

Authentication Bypass

react-adal is vulnerable to authentication bypass. An attacker is able to bypass authentication using a malicious JWT token which would be treated as authentic due to an insecure validation on the nonce...

CVSS 8.2 | AI score 3.4 | EPSS 0.00267
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2020/12/09 5:15 p.m. | 7 views

CVE-2020-7787

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

CVSS 8.2 | AI score 8 | EPSS 0.00267
Exploits: 1 | References: 2
OSV
added 2020/12/09 5:15 p.m. | 1 views

CVE-2020-7787

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

CVSS 8.2 | AI score 7.2 | EPSS 0.00267
Exploits: 1 | References: 2
CVE
added 2020/12/09 4:45 p.m. | 43 views

CVE-2020-7787

CVE-2020-7787 affects all versions of react-adal. The root cause is in how nonce/session/refresh values are stored in browser storage: values are appended with ||, which means an empty string can be accepted in the validation, allowing an attacker-generated JWT to be treated as authentic. Affecte...

CVSS 8.2 | AI score 8 | EPSS 0.00267
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/12/09 4:45 p.m. | 12 views

CVE-2020-7787 Improper Authentication

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

CVSS 8.2 | AI score 8 | EPSS 0.00267
Exploits: 1 | References: 2
CNNVD
added 2020/12/09 12:0 a.m. | 2 views

Salvoravida React-adal Authorization Issues Vulnerability

Salvoravida React-adal is a JS-based codebase for interacting with Azure Active Directory, by the individual developer Salvoravida. react-adal suffers from an authorization issue vulnerability that stems from the fact that for specially designed JWT tokens and request URLs, it is possible to...

CVSS 8.2 | AI score 7.2 | EPSS 0.00267
Exploits: 1 | References: 3
Snyk
added 2020/10/16 4:53 p.m. | 1 views

Improper Authentication

Overview: react-adal is an Azure Active Directory Library (ADAL) support for ReactJS. Affected versions of this package are vulnerable to Improper Authentication. It is possible for a specially crafted JWT token and request URL to cause the nonce, session and refresh values to be incorrectly...

CVSS 8.2 | AI score 6.3 | EPSS 0.00267
Exploits: 1 | References: 2
vulnersOsv
added 2020/10/16 4:53 p.m. | 1 views

@joshmccall/atomic-stories (>=0.0.0-semantically-released <=1.9.5), abmcontent (=0.1.0) +3 more potentially affected by CVE-2020-7787 via react-adal (>=0.3.15 <=0.4.24)

react-adal NPM version =0.3.15, =0.0.0-semantically-released, =0.1.0, =0.1.3 - widgettestcomponent =0.1.0 Source cves: CVE-2020-7787 Source advisory: SNYK:JS-REACTADAL-1018907...

CVSS 8.2 | AI score 7.2 | EPSS 0.00267
Exploits: 1