Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade authentik-client to version 2024.10.4.post1732236734 or higher.
authentik-client is an authentik
Affected versions of this package are vulnerable to Incorrect Regular Expression due to the insecure handling of OAuth2 redirect URIs, which are checked by RegEx comparison without proper escaping of special characters. An attacker can manipulate the validation process by registering a domain that closely resembles the intended domain, thus bypassing the validation checks.
This vulnerability can be mitigated by ensuring that any wildcard characters in the OAuth2 provider configurations are escaped properly, for example replacing . with \.
Given a provider with the Redirect URIs set to https://foo.example.com, an attacker can register the domain fooaexample.com, and it will pass validation.
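The unescaped comparison described above, its escaped counterpart, and a small audit helper for configured redirect URIs, as an added example written for this page. It is not authentik's own code: it assumes the redirect URI is compared with a regex full match against the configured value, and the function names, the sample configuration and the audit helper are constructed for illustration.

```python
import re

# Regex metacharacters that act as wildcards or operators when a configured
# redirect URI is compiled directly as a pattern.
REGEX_METACHARACTERS = set(r".^$*+?{}[]\|()")

# Constructed sample configuration (an assumption, not an authentik setting):
# one provider whose allowed Redirect URI is https://foo.example.com
CONFIGURED_REDIRECT_URIS = ["https://foo.example.com"]


def redirect_allowed_unescaped(redirect_uri, configured=CONFIGURED_REDIRECT_URIS):
    """Vulnerable check: the configured URI is used as-is as a regex, so every
    '.' is a wildcard matching any single character."""
    return any(re.fullmatch(pattern, redirect_uri) is not None
               for pattern in configured)


def escape_redirect_uri(configured_uri):
    """Hardened pattern: escape every metacharacter so a dot only matches a
    literal dot (the backslash-before-dot replacement the advisory recommends)."""
    return re.escape(configured_uri)


def redirect_allowed_escaped(redirect_uri, configured=CONFIGURED_REDIRECT_URIS):
    """Fixed check: the same full-match comparison, but against the escaped pattern."""
    return any(re.fullmatch(escape_redirect_uri(pattern), redirect_uri) is not None
               for pattern in configured)


def unescaped_metacharacters(configured_uri):
    """Audit helper: return (index, char) for every regex metacharacter in a
    configured redirect URI that is not escaped by a preceding backslash, i.e.
    one the regex engine would treat as a wildcard or operator, not a literal."""
    found = []
    i = 0
    while i < len(configured_uri):
        ch = configured_uri[i]
        if ch == "\\":
            i += 2  # a backslash escapes the following character; skip both
            continue
        if ch in REGEX_METACHARACTERS:
            found.append((i, ch))
        i += 1
    return found


if __name__ == "__main__":
    for uri in ["https://foo.example.com", "https://fooaexample.com"]:
        print(uri,
              "unescaped check:", redirect_allowed_unescaped(uri),
              "escaped check:", redirect_allowed_escaped(uri))
    for configured in CONFIGURED_REDIRECT_URIS:
        print(configured, "unescaped metacharacters:",
              unescaped_metacharacters(configured))
```

Escape at exactly one point, where the configured value is compiled into a pattern; if administrators have already written \. into the configuration as the mitigation suggests, running re.escape over it again double-escapes the backslash and the legitimate redirect URI stops matching. The audit helper is meant for the other case, scanning stored configurations for dots and other metacharacters that are still unescaped.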