{"id":"GHSA-rv9j-c866-gp5h","summary":"Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability","details":"### Impact\n_What kind of vulnerability is it? Who is impacted?_\nAnyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. \n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nThe vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users **should** update **all** their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher, if using Microsoft.IdentityModel.Protocols.SignedHttpRequest.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nNo, users must upgrade.\n\n### References\n_Are there any links users can visit to find out more?_\nhttps://aka.ms/IdentityModel/Jan2024/jku","aliases":["CVE-2024-21643"],"modified":"2024-02-16T08:19:00.574227Z","published":"2024-01-09T18:25:47Z","related":["CVE-2024-21643"],"database_specific":{"severity":"HIGH","cwe_ids":["CWE-94"],"github_reviewed_at":"2024-01-09T18:25:47Z","nvd_published_at":"2024-01-10T05:15:09Z","github_reviewed":true},"references":[{"type":"WEB","url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-rv9j-c866-gp5h"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21643"},{"type":"PACKAGE","url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"type":"WEB","url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.34.0"},{"type":"WEB","url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/7.1.2"},{"type":"WEB","url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/jkucve"}],"affected":[{"package":{"name":"Microsoft.IdentityModel.Protocols.SignedHttpRequest","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.IdentityModel.Protocols.SignedHttpRequest"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.34.0"}]}],"versions":["6.10.0","6.10.1","6.10.2","6.11.0","6.11.1","6.12.0","6.12.1","6.12.2","6.13.0","6.13.1","6.14.0","6.14.1","6.15.0","6.15.1","6.16.0","6.17.0","6.18.0","6.19.0","6.20.0","6.21.0","6.22.0","6.22.1","6.23.0","6.23.1","6.24.0","6.25.0","6.25.1","6.26.0","6.26.1","6.27.0","6.28.0","6.28.1","6.29.0","6.30.0","6.30.1","6.31.0","6.32.0","6.32.1","6.32.2","6.32.3","6.33.0","6.5.0","6.5.1","6.6.0","6.7.0","6.7.1","6.7.2-preview-10803222715","6.8.0","6.9.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-rv9j-c866-gp5h/GHSA-rv9j-c866-gp5h.json"}},{"package":{"name":"Microsoft.IdentityModel.Protocols.SignedHttpRequest","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.IdentityModel.Protocols.SignedHttpRequest"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"7.0.0-preview"},{"fixed":"7.1.2"}]}],"versions":["7.0.0","7.0.0-preview","7.0.0-preview2","7.0.0-preview3","7.0.0-preview4","7.0.0-preview5","7.0.1","7.0.2","7.0.3","7.1.0-preview"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-rv9j-c866-gp5h/GHSA-rv9j-c866-gp5h.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"}]}