NuGet package
duende.accesstokenmanagement.openidconnect
pkg:nuget/duende.accesstokenmanagement.openidconnect
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-51987 | Med | 5.4 | >= 3.0.0, < 3.0.1 | 3.0.1 | Nov 8, 2024 | Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occurs because a refreshed t |
- affected >= 3.0.0, < 3.0.1fixed 3.0.1
Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occurs because a refreshed t