alexhiggins732 / IdentityServer8

DotNet 8, Identity, OpenID Connect and OAuth 2.0 Framework for ASP.NET Core Identity Server 8
Apache License 2.0

Security issue CVE-2024-39694 #42

Open RobinLievrouwCw opened 3 months ago

RobinLievrouwCw commented 3 months ago

Describe the bug

A CVE was published two weeks ago related to IdentityServer4: https://github.com/advisories/GHSA-ff4q-64jc-gx98

Is this fork also susceptible to the same attack?

JakeDriscoll commented 4 weeks ago

If I'm looking at the code fix that Duende added to their base correctly, then yes, this is also vulnerable. https://github.com/DuendeSoftware/IdentityServer/commit/d0d8eab35ad9183b14925496803ed8b36658d0a1