Homepage
About Snyk

Redirect URL matching ignores character casing Affecting github.com/ory/fosite package, versions <0.34.1

0.0
medium

Snyk CVSS

    Attack Complexity Low
    Privileges Required High
    User Interaction Required
    Confidentiality High
    Integrity High

    Threat Intelligence

    EPSS 0.05% (18th percentile)
Expand this section
NVD
4.8 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMORYFOSITE-1015594
  • published 4 Oct 2020
  • disclosed 4 Oct 2020
  • credit Mitar
Report a new vulnerability Found a mistake?

Introduced: 4 Oct 2020

CVE-2020-15234 Open this link in a new tab
CWE-20 Open this link in a new tab

How to fix?

Upgrade github.com/ory/fosite to version 0.34.1 or higher.

Overview

github.com/ory/fosite is an OAuth2 & OpenID Connect framework for Go.

Affected versions of this package are vulnerable to Redirect URL matching ignores character casing. The redirect URL matching ignores character casing.

References