Microsoft.Identity.Web is vulnerable to Cross-Site Request Forgery (CSRF)
43
Medium Risk
The Blazor-generated POST /logout endpoint now requires authentication and enforces antiforgery protection (removing the prior antiforgery opt-out), mitigating CSRF/logout-forgery risks.
You are affected if you are using a version that falls within the vulnerable range.
Microsoft.Identity.Web is vulnerable to Cross-Site Request Forgery (CSRF) in versions 4.6.0 - 4.8.0.
Upgrade the Microsoft.Identity.Web library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant