{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-16T00:00:00", "descriptions": [{"lang": "en", "value": "ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-02-17T05:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=RIyZLeKEC8E"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/456333"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8400", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk", "refsource": "MISC", "url": "https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk"}, {"name": "https://www.youtube.com/watch?v=RIyZLeKEC8E", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=RIyZLeKEC8E"}, {"name": "https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06", "refsource": "MISC", "url": "https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06"}, {"name": "https://hackerone.com/reports/456333", "refsource": "MISC", "url": "https://hackerone.com/reports/456333"}, {"name": "https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3", "refsource": "MISC", "url": "https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:17:31.580Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=RIyZLeKEC8E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/456333"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-8400", "datePublished": "2019-02-17T06:00:00", "dateReserved": "2019-02-16T00:00:00", "dateUpdated": "2024-08-04T21:17:31.580Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ory:hydra:0.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "D9EC97FD-497E-496C-A013-2102B75F8A88", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "B125FE6A-22F7-45B1-B44F-B7F3C5D08DF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.1:beta3:*:*:*:*:*:*", "matchCriteriaId": "46F947BE-CC42-47BC-BC81-FEBEC56BFB44", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.1:beta4:*:*:*:*:*:*", "matchCriteriaId": "6A78FF7F-F95F-4FAB-8A21-D23A23762244", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7EAC702A-141C-43B7-B021-A48C3D02B470", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9823765-0DAD-4991-BDBF-F33C2AA3228F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "47C62392-611C-4C9A-BA0B-4E434E7544FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "63C7F111-078A-4115-AC91-BD1DD0A3DE47", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5DC28774-04E6-4D49-8D55-445C4AEF9656", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F4BEB-2A1F-4F0A-B4A4-8A20B87FE83A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "72456053-6BCE-4754-97B8-B45068C17A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.2:alpha1:*:*:*:*:*:*", "matchCriteriaId": "8BCCD315-F5B5-4DE3-A957-93F664C9D353", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.2:alpha2:*:*:*:*:*:*", "matchCriteriaId": "BC1F846D-98B4-483E-A5EC-982547D59E7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.2:alpha3:*:*:*:*:*:*", "matchCriteriaId": "F24ABCB3-CDB8-4636-AFFF-ADEDB45138B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.2:alpha4:*:*:*:*:*:*", "matchCriteriaId": "A26974EB-0B84-4CB8-A65F-C9F70A2ADDB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1E9E8F8-804C-4D7A-A88A-9A5204127825", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "76207328-BB26-4C49-BD63-E2D2B7AA824D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "87A247EE-6295-40AA-8E32-56CBEABAE939", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A55D7B01-6125-4ECC-BB6C-515B6D9C4995", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB7CBB5E-EF22-462E-819E-33A3DA2381AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B85351F5-1A15-44CA-8097-4FA062CF305E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "16D21700-DF22-4969-AB2B-3D1EBA451CD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "D7CC1BFB-97C8-4688-86AA-71CBED3D12A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "22ECE9D0-541B-455D-A9C7-38C1687D3422", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "03316782-1BDF-4549-924C-357E78D2E234", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C78E881-B270-42D6-A5C0-5FFDE9F3C470", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BFBB81A5-9E15-44BF-9440-8ACB32D86A4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9EDAEB5F-51EB-4C9A-93C7-6CA51CF30B55", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC45E516-BB30-49B2-9F5B-1F1990B5BD44", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4498A648-1C6C-4032-A433-348F2E312FED", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3232E431-EDAF-4504-8764-C72E3A20F23A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "152BA719-F394-4F5E-AE7E-36C036CD29E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "7457B232-7705-459E-8F14-B8501701BAEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "5952F8F6-3FD5-4F4A-BB92-0FA158E4516B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "55E5EE26-3A7E-44C4-94CF-92255E6290FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "521945A6-CF3E-4369-A667-5E37F301C01B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0FC9511-B2E1-44CF-85DF-98EE066FC820", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8ABCA0D5-28E4-478A-A90B-8E2059661C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "12292A7E-06CA-48A7-9B30-CD8C3D8C6BB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "045DCDC3-F6FB-4F54-B426-3708F6848DBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B3AB2509-2C75-452C-9B96-49901BA1FCF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "971F55DC-5A26-4D05-B11F-E21B28284AB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "6096E266-A023-4D8E-AE81-910659B0FA4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "87140216-622E-4641-A79A-83321970B5C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "098473B5-74E5-4947-A283-4973377B2D0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F1F045C-6568-4D80-B059-EA03A53D631D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "CB88818F-12C1-41A3-B856-4909186BC7B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "FD6D01E3-4868-4D25-8CA4-0EE549685144", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "9EB3590C-92F0-46D9-B7F9-5D3603D91D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "0315EC48-80BD-4DD2-88FB-3AED08A129F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7C6DBCF-1583-4C8A-A98D-E8D5C86733C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "004F621E-779D-45F7-B3E0-938B9ACB0A43", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "BCFC71AA-83F5-4FD8-AEA1-90E30B436203", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6AE0870-EA76-4DCE-B008-31CF65FE1E70", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8C23A62-C439-48DC-982F-593EF4E524F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ACD89EB4-BC48-4D65-B8C1-2ED40381D610", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D9B3500D-C17D-4C5E-BB33-35A5F497B0FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A3DB0C2D-10C3-40EF-B80A-B4C34D8A6B46", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "9E18869C-962D-453E-8AED-E9713CF474E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CCB58086-C5A8-4337-B259-2C665FFBD6AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "13D67F6D-8454-4E99-857B-B272AA517E63", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "9F6AC4A6-41B9-414C-9ED1-017C23519688", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "D7D2F11E-38C3-412E-A7A4-B744FFA22310", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "36115C19-3D1E-43EF-BA29-F302EA032152", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB5678FD-4220-4D3D-A130-D6FD3131D0E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "C6953C4C-7FDD-4512-84FC-97F7F6204A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "A4ACA0B4-1E66-4709-9FF1-02E96AA3AAC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "CCF6739B-1850-44EF-AB6F-F8C0D358E1FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A000386C-2E89-4E15-99F8-8CEE2B09389F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "A07E0F31-743F-4B69-BC8E-EE86966DE67C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "03428AFE-15BA-4767-9F96-0B964E2C83D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "61BF2C87-2482-4F69-AD84-08D2BB2995E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "388F5C79-6196-48E3-89F2-706D9D78E158", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.15:*:*:*:*:*:*:*", "matchCriteriaId": "9DB801EF-6186-4551-A638-3A04021013BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.9.16:*:*:*:*:*:*:*", "matchCriteriaId": "D56C5AED-522B-4D32-A4D1-F05376600CCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "71D323D6-A8DC-4619-962D-A67E9F8826F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "86027C49-06BB-4A7D-81B8-02E90641C25D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha10:*:*:*:*:*:*", "matchCriteriaId": "FE65E235-3331-41C9-8995-33D6CBBB3E92", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha11:*:*:*:*:*:*", "matchCriteriaId": "6C00564B-169C-48B6-BC2F-CC83B34B64EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha12:*:*:*:*:*:*", "matchCriteriaId": "86498EA0-91A2-4E7F-A4DE-CE7E59B8CEB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha13:*:*:*:*:*:*", "matchCriteriaId": "C16EE15E-6665-4D90-A6A6-6E6B0A76D301", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha14:*:*:*:*:*:*", "matchCriteriaId": "A3D9638B-1872-42EE-BE76-355D661786F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha15:*:*:*:*:*:*", "matchCriteriaId": "201D1449-A3B1-4AB8-96C6-D9A7772982BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha16:*:*:*:*:*:*", "matchCriteriaId": "E47FF159-F090-40D4-982C-AB77C9F88048", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha17:*:*:*:*:*:*", "matchCriteriaId": "C2A5F7F3-11D2-4B49-AA56-FCEE25A8E748", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha18:*:*:*:*:*:*", "matchCriteriaId": "D33A4018-0D71-41A5-B1FF-2622AB443555", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha19:*:*:*:*:*:*", "matchCriteriaId": "DEC05B25-EEAF-4D38-A410-6D838FE0DC9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "DC2E6F70-8E9C-481E-ADDF-E0F489C90D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha20:*:*:*:*:*:*", "matchCriteriaId": "66219BD9-6923-463D-BFD5-0D664118B413", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha21:*:*:*:*:*:*", "matchCriteriaId": "F21CA03A-B7EA-4FAC-8A79-199A443F37B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "60B091A8-6DCB-4ECB-8212-ABDBA8E13D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "EA98AC8F-4959-498A-85BB-24F357B2CFC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "EF98AA36-CDD2-4E4F-AE75-7C1CF60CE044", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "FCECA19B-7D67-4D5C-891D-6770313C0392", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "DDA71FDD-8645-41E7-80A7-3D48F518746A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha8:*:*:*:*:*:*", "matchCriteriaId": "4E18E368-63B5-4F94-AE9D-20CB8F290F56", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.0:alpha9:*:*:*:*:*:*", "matchCriteriaId": "B7054AD6-E363-405A-8560-BF2F357791DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8852444-14FA-4B7E-BF2D-DB27CA673B39", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "646BA2EE-1660-47E6-B713-3246B76B1B1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "F5995098-ACA1-45B7-8D71-3554282662E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "230AC295-D64E-4691-BC90-CCAC2C1E0B77", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "54A13FC4-7706-494C-8655-FCACDE653874", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "50CEE802-41E0-462D-B061-16F70C2B2B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "69BE7344-209D-4D80-BE7F-65E9BD290C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "0AE61A00-D05F-465D-AAD2-C2E455E230F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.9:*:*:*:*:*:*:*", "matchCriteriaId": "FE77FE27-99BB-43CD-9C82-B42D09648115", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.10.10:*:*:*:*:*:*:*", "matchCriteriaId": "A9345861-A8C7-406A-BF0C-48E0007C86AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "5BFBEFAE-4B20-4FA3-98C5-2D20DC7AC1B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8566F0CC-0E4F-4795-A285-B5BCBAF1C02D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC670873-7979-4804-8274-F09B7C02AD2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA382179-FAFF-48AB-A276-471155589D14", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "BD87E3B4-B84F-4D0C-8C9A-9678F12C6D90", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "E3CD52FA-3F1D-4866-B3DC-F510D3707316", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "E2D4DD6F-245F-4448-B90C-0A213D0F9C42", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "2072E739-64F3-4AA6-82FB-D1DCB7D44D83", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "BF817538-85D2-4A69-8251-1BD8E77A1529", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "4CA398C2-2AFF-4D98-A571-482D4D915AC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:0.11.14:*:*:*:*:*:*:*", "matchCriteriaId": "1E335419-9EEE-43F3-84EC-DF3335689604", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3E627F76-D230-4516-8154-6FC5FA01EDE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "16F7309F-7FEE-41CE-B3E1-CD123ED94811", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "2C0A5E78-6C4B-46E8-96E8-403C5A73DC9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0BBE7381-E2DD-42D2-B54E-63F11D8F8390", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "6565EC39-0D2E-46A9-9F90-D9169D934B93", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "4CE054B5-642F-4CC9-ADDB-D67F35EFA5AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "CD9E41A1-0914-41E4-8C54-6045E834B770", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "4015BEFE-A4E2-4C57-8CB8-27A0C41269E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "09C548F8-0406-4D6B-99C5-01BC2F103090", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5C019AA7-3CA3-4A88-B237-4A65E47D6F14", "vulnerable": true}, {"criteria": "cpe:2.3:a:ory:hydra:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "9366464B-A56C-440D-ACB1-9E4B879DF789", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter."}, {"lang": "es", "value": "ORY Hydra, en versiones anteriores a la v1.0.0-rc.3+oryOS.9, tiene Cross-Site Scripting (XSS) reflejado mediante el par\u00e1metro error_hint en oauth2/fallbacks/error error_hint."}], "id": "CVE-2019-8400", "lastModified": "2024-11-21T04:49:50.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-17T06:29:00.643", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://hackerone.com/reports/456333"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=RIyZLeKEC8E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://hackerone.com/reports/456333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=RIyZLeKEC8E"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}