Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues.
- XML External Entity Injection (affecting .NET 4.5 only)
- Malicious IdP may cause write to arbitrary file
- Flawed ReturnUrl validation results in Open Redirect
The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I’ve dreaded the day I would get a security problem, I’m extraordinarily proud of the professionalism of the disclosure. I acquired the report privately, together with detailed descriptions, reproduction steps and strong suggestions on how to repair it. I’m very grateful you took the time to review AuthServices and discover the problems, and for the detailed reviews.
More particulars on the vulnerabilities will be published later.