Kévin Chalet

**Name of the Vulnerable Software and Affected Versions** Auth0 auth0-aspnet and auth0-aspnet-owin (affected versions not specified) **Description** An issue was discovered that leaves applications vulnerable to CSRF attacks during authentication and authorization operations. The affected packages do not use or validate the `state` parameter of the OAuth 2.0 and OpenID Connect protocols. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ASP.NET Core versions 1.0 through 2.0 Description: The issue allows an elevation of privilege due to the ASP.NET Core project templates. Recommendations: For ASP.NET Core versions 1.0 through 2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.