Security vulnerabilities

We use the Auth0.OidcClient.WinForms NuGet package in our software.

Mend (WhiteSource) open source scans detected some transitive dependencies coming from the Auth0.OidcClient.Core assembly containing known medium vulnerabilities.

The affected packages are the last two in the list below:

Auth0.OidcClient.Core → Microsoft.IdentityModel.Protocols.OpenIdConnect (6.12.2) → System.IdentityModel.Tokens.Jwt (6.12.2)Microsoft.IdentityModel.JsonWebTokens (6.12.2)

Please let us know if there are plans to resolve the issue?

1 Like

Hey there @mitrovic welcome to the community!

Thanks for bringing this to our attention :slight_smile: I recommend opening up an issue against the SDK itself as the maintainers will have a better idea as to when this might be resolved.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.