CVE-2018-15121
CVE-2018-15121 affects Auth0 ASP.NET and ASP.NET OWIN libraries, where the state parameter is not used or validated in OAuth 2.0/OpenID Connect flows. This omission enables CSRF during authentication/authorization. Connected sources corroborate the issue across multiple advisories (Snyk, OSV, GHS...