Vulnerabilities > ORY > Hydra > 0.7.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-06 | CVE-2020-5300 | Authentication Bypass by Capture-replay vulnerability in ORY Hydra In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. | 3.5 |
| 2019-02-17 | CVE-2019-8400 | Cross-site Scripting vulnerability in ORY Hydra ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | 4.3 |