Vulnerabilities > ORY > Medium

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2020-10-02 | CVE-2020-15233 | Open Redirect vulnerability in ORY Fosite | ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. | network, low complexity, ory, CWE-601, 4.8 |
| 2020-10-02 | CVE-2020-15234 | Improper Handling of Case Sensitivity vulnerability in ORY Fosite | ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. | network, low complexity, ory, CWE-178, 4.8 |
| 2020-04-06 | CVE-2020-5300 | Authentication Bypass by Capture-replay vulnerability in ORY Hydra | In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. | network, high complexity, ory, CWE-294, 5.3 |
| 2019-02-17 | CVE-2019-8400 | Cross-site Scripting vulnerability in ORY Hydra | ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | network, low complexity, ory, CWE-79, 6.1 |