11 matches found
EUVD-2024-0423
Malicious code in bioql PyPI...
CVE-2024-21643
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim...
Remote Code Execution
Microsoft.IdentityModel.Protocols.SignedHttpRequest is vulnerable to Remote Code Execution. The vulnerability is caused due to Microsoft.IdentityModel trusting the jku claim by default for the SignedHttpRequest protocol. An attacker can make any remote or local HTTP GET request as a result of thi...
CVE-2024-21643
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim...
Cross site request forgery (csrf)
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim...
CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim...
CVE-2024-21643
The CVE-2024-21643 issue affects IdentityModel Extensions for .NET (Microsoft.IdentityModel.Protocols.SignedHttpRequest) where the SignedHttpRequest protocol/validator trusts the jku claim by default, enabling remote/local HTTP GET requests. Multiple sources confirm this vulnerability and identif...
CVE-2024-21643 Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim...
Authorization Bypass
Overview Microsoft.IdentityModel.Protocols.SignedHttpRequest is a package that includes types that provide support for the SignedHttpRequest protocol Affected versions of this package are vulnerable to Authorization Bypass via the SignedHttpRequest protocol or the SignedHttpRequestValidator. The...
GHSA-RV9J-C866-GP5H Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
Impact What kind of vulnerability is it? Who is impacted? Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim by default for the SignedHttpRequestprotocol. This raises the possibility to make any remote or loc...
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
Impact What kind of vulnerability is it? Who is impacted? Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim by default for the SignedHttpRequestprotocol. This raises the possibility to make any remote or loc...