VYPR

Maven package

org.mitre/openid-connect-server

pkg:maven/org.mitre/openid-connect-server

Vulnerabilities (2)

  • CVE-2021-26715 (Critical), Mar 25, 2021
    affected <= 1.3.3

    The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker c

  • CVE-2020-5497 (Medium), Jan 4, 2020
    affected <= 1.3.3

    The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.