Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues.
- XML External Entity Injection (affecting .NET 4.5 only)
- Malicious IdP can cause write to arbitrary file
- Flawed ReturnUrl validation leads to Open Redirect
The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I have dreaded the day when I would get a security issue, I am extremely happy with the professionalism of the disclosure.
More details on the vulnerabilities will be published later.