Vulnerabilities (CVE)

Filtered by vendor Auth0 Subscribe
Filtered by product Aspnet
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-15121 1 Auth0 2 Aspnet, Aspnet-owin 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.