Fosite
Monthly
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.