mitreid-connect/OpenID-Connect-Java-Spring-Server
An OpenID Connect reference implementation in Java on the Spring platform.
Harden Dynamic Client Registration (CVE-2021-26715) #1547
Status: Closed (artsploit closed 3 years ago)
artsploit commented 3 years ago:
Add an authorization check for Client and Resource registration endpoints.
Fix SSRF vulnerability in the "logo_uri" parameter. The "logo_uri" is not fetched from the server anymore, but loaded directly from the user's browser.
artsploit commented 3 years ago:
CVE-2021-26715 is assigned to this issue.