IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local API endpoints even without possessing the private key for signing proof tokens. Note that this only impacts ...
Closed Description We use the App Center SDK within our Android app. During the Veracode security scans run on the builds, there were 9 security policy violations or flaws reported for App Center. This issue lists 5 flaws that were reported under the Veracode CWE ID 297. ...
"The left-hand side of an assignment must be a variable, property or indexer". Help? "The remote server returned an error: (401) Unauthorized" "Typewriter" like effect in a C# Console application? "Unable to cast object of type 'System.Configuration.DefaultSection' to type blah blah ((Sy...
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value. CVE-2020-13968 (v3: 9.8) 23 Dec 2020 ...