github.com/dexidp/dex
Go
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/dexidp/dex
- CVE-2020-26290 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 2.27.0 | 2020-12-28
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enable potential signature bypass due…
- CVE-2020-27847 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.27.0 | 2021-05-28
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confi…
- CVE-2022-39222 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 2.35.0 | 2022-10-06
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if …
- CVE-2024-23656 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-25
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tl…