Microsoft.Identity.Web is vulnerable to Open Redirect
65
Medium Risk
In Microsoft.Identity.Web, the redirectUri handling in /MicrosoftIdentity/Account/Challenge was hardened to allow only same-origin values and to reject encoded/proxy-bypass paths (%2f, %5c, etc.), preventing open-redirect/protocol-relative bypasses.
You are affected if you are using a version that falls within the vulnerable range.
Microsoft.Identity.Web is vulnerable to Open Redirect in versions 3.0.0 - 3.14.0 and 4.0.0 - 4.8.0.
Upgrade the Microsoft.Identity.Web library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant