mitreid-connect / OpenID-Connect-Java-Spring-Server

An OpenID Connect reference implementation in Java on the Spring platform.

Harden Dynamic Client Registration (CVE-2021-26715) #1547

Closed artsploit closed 3 years ago

artsploit commented 3 years ago
  1. Add an authorization check for the Client and Resource registration endpoints.
  2. Fix the SSRF vulnerability in the "logo_uri" parameter. The "logo_uri" is no longer fetched by the server; it is loaded directly by the user's browser.
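As an added example of the two hardening measures listed above (this is not code from the PR or from MitreID Connect), the block below shows a Spring Security 5 configuration that requires an authenticated caller for the registration endpoints, and a `logo_uri` handler that validates the value as a string only and never opens a connection, leaving the fetch to the end user's browser. The endpoint paths `/register` and `/resource`, and all class and method names, are assumptions made for illustration.

```java
// Added example, not the project's code. Paths "/register" and "/resource"
// are assumed; adjust to the real registration endpoints of the deployment.
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Measure 1: the dynamic client and resource registration endpoints must not be
 * reachable anonymously. This adapter is scoped to those URLs only, so other
 * security configurations in the application keep governing the rest.
 */
@Configuration
@Order(1)
public class RegistrationHardeningConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .requestMatchers()
                .antMatchers("/register/**", "/resource/**")
            .and()
            .authorizeRequests()
                // Creating a client or resource registration requires a principal;
                // reading, updating or deleting one does too.
                .antMatchers(HttpMethod.POST, "/register", "/resource").authenticated()
                .antMatchers("/register/**", "/resource/**").authenticated()
            .and()
            .httpBasic();
    }
}

/**
 * Measure 2: treat logo_uri as opaque data. The server checks syntax and
 * scheme but does not issue an HTTP request for it, which removes the
 * server-side request that made the parameter an SSRF vector. The stored
 * value is later emitted in an img src attribute so the browser loads it.
 */
final class LogoUriPolicy {
    private static final Set<String> ALLOWED_SCHEMES =
        new HashSet<>(Arrays.asList("https", "http"));

    private LogoUriPolicy() {}

    /** Returns the normalized URI string, or null when the parameter is absent. */
    public static String validateLogoUri(String logoUri) {
        if (logoUri == null || logoUri.trim().isEmpty()) {
            return null;
        }
        try {
            URI uri = new URI(logoUri.trim());
            // Absolute URI with a host and an http(s) scheme; nothing is fetched here.
            if (!uri.isAbsolute() || uri.getHost() == null
                    || !ALLOWED_SCHEMES.contains(uri.getScheme().toLowerCase())) {
                throw new IllegalArgumentException("logo_uri must be an absolute http(s) URL");
            }
            return uri.toString();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("logo_uri is not a well-formed URI", e);
        }
    }
}
```

The point of `validateLogoUri` is what it does not do: no `URL.openConnection()`, no image download, no thumbnail generation on the server. A template that renders the client's logo then writes the stored string into `<img src="...">` with normal HTML attribute escaping, and any request for that image originates from the user's browser rather than from the authorization server's network position.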
artsploit commented 3 years ago

CVE-2021-26715 is assigned to this issue