Conversation
![semgrep-appsec-platform[bot]](https://avatars.githubusercontent.com/u/129107375?s=60&v=4){kind=small}
| public async Task<bool> ValidateTokenAsync(string idToken) | ||
| { | ||
| var validator = new IdentityTokenValidator(_apiClient); | ||
| return await validator.ValidateAsync(idToken); |
There was a problem hiding this comment.
Risk: Affected versions of Auth0.AuthenticationApi are vulnerable to Improper Authentication due to improperly exposing IdentityTokenValidator, an Auth0 specific validator implementation not suitable for untrusted tokens.
Fix: Upgrade this library to at least version 6.5.4 at sharpcompress/supply-chain/reachable/packages.lock.json:5.
Reference(s): GHSA-c9cg-q8r2-xvjq, CVE-2019-16929
Ignore this finding from ssc-fc796605-eb59-42b8-9d5c-02e7bb517689.
|
|
||
| public async Task<bool> ValidateTokenAsync(string idToken) | ||
| { | ||
| var validator = new IdentityTokenValidator(_apiClient); |
There was a problem hiding this comment.
Risk: Affected versions of Auth0.AuthenticationApi are vulnerable to Improper Authentication due to improperly exposing IdentityTokenValidator, an Auth0 specific validator implementation not suitable for untrusted tokens.
Fix: Upgrade this library to at least version 6.5.4 at sharpcompress/supply-chain/reachable/packages.lock.json:5.
Reference(s): GHSA-c9cg-q8r2-xvjq, CVE-2019-16929
Ignore this finding from ssc-fc796605-eb59-42b8-9d5c-02e7bb517689.1 participant
No description provided.