VYPR

Packagist (Composer) package

causal/oidc

pkg:composer/causal/oidc

Vulnerabilities (2)

  • CVE-2025-24856MedMar 16, 2025
    affected >= 3.0.0, < 4.0.0fixed 4.0.0

    An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker

  • CVE-2024-30173medApr 2, 2024
    affected < 2.1.0fixed 2.1.0

    The authentication service of the extension does not verify the OpenID Connect authentication state from the user lookup chain. Instead, the authentication service authenticates every valid frontend user from the user lookup chain, where the frontend user field “tx_oidc” is not