Security vulnerabilities

mitrovic · April 18, 2024, 8:06pm

We use the Auth0.OidcClient.WinForms NuGet package in our software.

Mend (WhiteSource) open source scans detected some transitive dependencies coming from the Auth0.OidcClient.Core assembly containing known medium vulnerabilities.

The affected packages are the last two in the list below:

Auth0.OidcClient.Core → Microsoft.IdentityModel.Protocols.OpenIdConnect (6.12.2) → System.IdentityModel.Tokens.Jwt (6.12.2) → Microsoft.IdentityModel.JsonWebTokens (6.12.2)

Please let us know if there are plans to resolve the issue?
Thanks

tyf · April 24, 2024, 11:21pm

Hey there @mitrovic welcome to the community!

Thanks for bringing this to our attention I recommend opening up an issue against the SDK itself as the maintainers will have a better idea as to when this might be resolved.

system · May 8, 2024, 11:22pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
What to do since Auth0.OpenIdConnectSigningKeyResolve is now unlisted? JWT.io	10	7328	February 12, 2020
Updated to newest Auth0 nuget pacakge Help configuration , application	0	125	June 20, 2024
Error NETSDK1135 SupportedOSPlatformVersion 10.0.18362.0 cannot be higher than TargetPlatformVersion 7.0 Help wpf	2	2631	November 25, 2022
Unity Auth0 SDK - Let's do it! Help unity	3	4545	May 14, 2024
Authorization Code Flow with PKCE utilizing package Auth0.AspNetCore.Authentication Help aspnet-core , pkce	7	4321	March 24, 2022

Security vulnerabilities

Related Topics