Security vulnerabilities

mitrovic · April 18, 2024, 8:06pm

We use the Auth0.OidcClient.WinForms NuGet package in our software.

Mend (WhiteSource) open source scans detected some transitive dependencies coming from the Auth0.OidcClient.Core assembly containing known medium vulnerabilities.

The affected packages are the last two in the list below:

Auth0.OidcClient.Core → Microsoft.IdentityModel.Protocols.OpenIdConnect (6.12.2) → System.IdentityModel.Tokens.Jwt (6.12.2) → Microsoft.IdentityModel.JsonWebTokens (6.12.2)

Please let us know if there are plans to resolve the issue?
Thanks

tyf · April 24, 2024, 11:21pm

Hey there @mitrovic welcome to the community!

Thanks for bringing this to our attention I recommend opening up an issue against the SDK itself as the maintainers will have a better idea as to when this might be resolved.

system · May 8, 2024, 11:22pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auth0.OidCClient Nuget needed for Target Framework 4.5 Help	7	4477	September 3, 2019
Auth0.OidcClient.WinForm in .Net5 Help	2	2107	March 4, 2021
What to do since Auth0.OpenIdConnectSigningKeyResolve is now unlisted? JWT.io	10	7331	February 12, 2020
Autho0.OidcClient.WinForms: System.TypeLoadException Help	0	3127	September 30, 2019
Updated to newest Auth0 nuget pacakge Help configuration , application	0	125	June 20, 2024

Security vulnerabilities

Related topics