CVE-2020-15240: omniauth-auth0 | RubyGems.org | your community gem host

omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the jwt_validator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply:

1. You are using omniauth-auth0.
2. You are using the JWTValidator.verify method directly OR you are not authenticating using the SDK's default Authorization Code Flow.

The issue is patched in version 2.4.1.
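As an added illustration (not code from omniauth-auth0 or Auth0), here is a minimal, self-contained verifier written for this page that shows the checks a `verify` method must enforce so that a token with a missing or forged signature is rejected: pin the algorithm, check the signature before trusting any claim, then check issuer, audience and expiry. It assumes an HS256 shared secret to stay dependency-free; Auth0 tokens are often RS256-signed, where the same order of checks applies with the tenant's public key.

```ruby
require 'openssl'
require 'json'

# Hypothetical verifier written for this page; it is not the gem's JwtValidator.
# HS256 only (assumption) so the example needs no key files or extra gems.
module StrictJwt
  ALLOWED_ALGS = ['HS256'].freeze
  class Error < StandardError; end

  def self.b64url_encode(bytes)
    [bytes].pack('m0').tr('+/', '-_').delete('=')
  end

  def self.b64url_decode(str)
    padded = str.tr('-_', '+/') + '=' * (-str.length % 4)
    padded.unpack1('m')
  end

  # Constant-time comparison so a wrong signature leaks no timing information.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Builds a token from constructed claims (used only to exercise verify).
  def self.encode(payload, secret)
    head = b64url_encode(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))
    body = b64url_encode(JSON.generate(payload))
    sig  = OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}")
    "#{head}.#{body}.#{b64url_encode(sig)}"
  end

  # Signature first, then the claims an OmniAuth strategy relies on.
  def self.verify(token, secret:, issuer:, audience:, now: Time.now.to_i)
    parts = token.split('.')
    raise Error, 'malformed token' unless parts.length == 3 && parts.none?(&:empty?)
    header = JSON.parse(b64url_decode(parts[0]))
    # Pin the algorithm: the header's "alg" must never choose how we verify.
    raise Error, 'unsupported alg' unless ALLOWED_ALGS.include?(header['alg'])
    expected = OpenSSL::HMAC.digest('SHA256', secret, "#{parts[0]}.#{parts[1]}")
    raise Error, 'bad signature' unless secure_equal?(b64url_decode(parts[2]), expected)
    claims = JSON.parse(b64url_decode(parts[1]))
    raise Error, 'bad issuer'   unless claims['iss'] == issuer
    raise Error, 'bad audience' unless Array(claims['aud']).include?(audience)
    raise Error, 'expired'      unless claims['exp'].is_a?(Integer) && claims['exp'] > now
    claims
  end
end
```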


omniauth-auth0 3.0.0

Auth0 is an authentication broker that supports social identity providers as well as enterprise identity providers such as Active Directory, LDAP, Google Apps, and Salesforce. OmniAuth is a library that standardizes multi-provider authentication for web applications; it was created to be powerful, flexible, and to do as little as possible. omniauth-auth0 is the OmniAuth strategy for Auth0.

Development dependencies (1):

  • bundler >= 0

Authors:

  • Auth0

SHA 256 checksum: 471081873d74caeeb8bf30ff4669bbc9d0b025ed178975cee81b3d101428c585

Total downloads: 11,923,368 (this version: 120,371)


License: MIT

Required Ruby version: >= 0
