Veracode Vulnerability Database, VERACODE:22124
Dec 06, 2019 - 5:58 a.m.

Cross-Site Request Forgery (CSRF)

sca.analysiscenter.veracode.com
EPSS: 0.001 (Low), Percentile: 31.7%

auth0-aspnet and auth0-aspnet-owin are vulnerable to cross-site request forgery (CSRF). The libraries do not use and verify the state parameter of the OAuth 2.0 and OpenID Connect protocols, so the application cannot verify the authenticity of requests. This allows an attacker to inject their authorization code into a victim's session and perform requests on behalf of the user.
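
The state check whose absence this entry describes, as an added protocol-level example in Python. It is not code from auth0-aspnet or auth0-aspnet-owin; the dict standing in for the server-side session, the STATE_KEY name and the example URLs are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

STATE_KEY = "oauth_state"  # assumed session key name


def begin_login(session, authorize_url, client_id, redirect_uri):
    """Mint an unguessable state, bind it to this session, build the redirect."""
    state = secrets.token_urlsafe(32)
    session[STATE_KEY] = state
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{authorize_url}?{query}"


def handle_callback(session, callback_url):
    """Return the authorization code only if state matches this session."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop(STATE_KEY, None)  # single use, consumed even on failure
    received = params.get("state", [])
    if expected is None or len(received) != 1:
        raise PermissionError("state missing, duplicated, or no login in progress")
    if not hmac.compare_digest(expected.encode(), received[0].encode()):
        raise PermissionError("state does not belong to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("authorization code missing or duplicated")
    return codes[0]


def callback_accepted(session, callback_url):
    """True if the callback would be processed, False if it is rejected."""
    try:
        handle_callback(session, callback_url)
        return True
    except (PermissionError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample values; idp.example and app.example are placeholders.
    idp, cb = "https://idp.example/authorize", "https://app.example/callback"
    user, other = {}, {}
    own = parse_qs(urlsplit(begin_login(user, idp, "client123", cb)).query)["state"][0]
    foreign = parse_qs(urlsplit(begin_login(other, idp, "client123", cb)).query)["state"][0]
    # A callback carrying another session's state is rejected; the user's own passes.
    print(callback_accepted(dict(user), f"{cb}?code=abc&state={foreign}"))  # False
    print(callback_accepted(dict(user), f"{cb}?code=abc&state={own}"))      # True
```

The state value is consumed on the first callback, so a replayed callback URL is rejected even when its state was once valid.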