Microsoft Identitymodel Extensions
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Identitymodel Extensions.
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Identitymodel Extensions. Identitymodel Extensions did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 8.80 |
It may take a day or so for new Identitymodel Extensions vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Identitymodel Extensions Security Vulnerabilities
MS IdentityModel SignedHttpRequest jku Trust Flaw v7.x<7.1.2 / v6.x<6.34.0
CVE-2024-21643
8.8 - High
- January 10, 2024
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Identitymodel Extensions or by Microsoft? Click the Watch button to subscribe.
