Cordea Oauth
2 CVEs affecting Cordea Oauth. Latest disclosed: 2024-08-15. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-42476 | Medium | 6.5 | 2024-08-15 | In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site re… |
CVE-2024-42475 | Medium | 6.5 | 2024-08-15 | In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be s… |