org.mitre:openid-connect-server

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.mitre:openid-connect-serverpage 1 of 1

CVE-2020-5497MEDIUMCVSS 6.1EG 6.1
2020-01-04
vulnerable: 0.9.0 ... 1.3.3 (62 versions)
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.
CVE-2021-26715CRITICALCVSS 9.1EG 9.1
2021-03-25
vulnerable: 0.9.0 ... 1.3.3 (62 versions)
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registrati…

Check whether org.mitre:openid-connect-server is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.mitre:openid-connect-server CVEs against the assets you own.

Start Free Scan →