VYPR

NuGet package

auth0-aspnet-owin

pkg:nuget/auth0-aspnet-owin

Vulnerabilities (1)

  • CVE-2018-15121HigAug 29, 2018
    affected <= 2.3.2

    An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.