CVE-2019-8400

NONE EPSS 67.3%
Published Feb 17, 2019 (7y ago)
Last Modified Jun 17, 2026 (2w ago)

Description

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.

Threat Intelligence

EPSS Exploit Probability: 67.3% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 129

Vendor  Product  Version  Range
ory     hydra    0.1      any
ory     hydra    0.1      any
ory     hydra    0.1      any
ory     hydra    0.1      any
ory     hydra    0.2.0    any
ory     hydra    0.3.0    any
ory     hydra    0.3.1    any
ory     hydra    0.4.0    any
ory     hydra    0.4.1    any
ory     hydra    0.4.2    any
ory     hydra    0.4.2    any
ory     hydra    0.4.2    any
ory     hydra    0.4.2    any
ory     hydra    0.4.2    any
ory     hydra    0.4.2    any
ory     hydra    0.4.3    any
ory     hydra    0.5.0    any
ory     hydra    0.5.1    any
ory     hydra    0.5.2    any
ory     hydra    0.5.3    any
ory     hydra    0.5.4    any
ory     hydra    0.5.5    any
ory     hydra    0.5.6    any
ory     hydra    0.5.7    any
ory     hydra    0.5.8    any
ory     hydra    0.6.0    any
ory     hydra    0.6.1    any
ory     hydra    0.6.2    any
ory     hydra    0.6.3    any
ory     hydra    0.6.4    any
ory     hydra    0.6.5    any
ory     hydra    0.6.6    any
ory     hydra    0.6.7    any
ory     hydra    0.6.8    any
ory     hydra    0.6.9    any
ory     hydra    0.6.10   any
ory     hydra    0.7.0    any
ory     hydra    0.7.1    any
ory     hydra    0.7.2    any
ory     hydra    0.7.3    any
ory     hydra    0.7.4    any
ory     hydra    0.7.5    any
ory     hydra    0.7.6    any
ory     hydra    0.7.7    any
ory     hydra    0.7.8    any
ory     hydra    0.7.9    any
ory     hydra    0.7.10   any
ory     hydra    0.7.11   any
ory     hydra    0.7.12   any
ory     hydra    0.7.13   any
ory     hydra    0.8.0    any
ory     hydra    0.8.1    any
ory     hydra    0.8.2    any
ory     hydra    0.8.3    any
ory     hydra    0.8.4    any
ory     hydra    0.8.5    any
ory     hydra    0.8.6    any
ory     hydra    0.8.7    any
ory     hydra    0.9.0    any
ory     hydra    0.9.1    any
ory     hydra    0.9.2    any
ory     hydra    0.9.3    any
ory     hydra    0.9.4    any
ory     hydra    0.9.5    any
ory     hydra    0.9.6    any
ory     hydra    0.9.7    any
ory     hydra    0.9.8    any
ory     hydra    0.9.9    any
ory     hydra    0.9.10   any
ory     hydra    0.9.11   any
ory     hydra    0.9.12   any
ory     hydra    0.9.13   any
ory     hydra    0.9.14   any
ory     hydra    0.9.15   any
ory     hydra    0.9.16   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.0   any
ory     hydra    0.10.1   any
ory     hydra    0.10.2   any
ory     hydra    0.10.3   any
ory     hydra    0.10.4   any
ory     hydra    0.10.5   any
ory     hydra    0.10.6   any
ory     hydra    0.10.7   any
ory     hydra    0.10.8   any
ory     hydra    0.10.9   any
ory     hydra    0.10.10  any
ory     hydra    0.11.0   any
ory     hydra    0.11.1   any
ory     hydra    0.11.2   any
ory     hydra    0.11.3   any
ory     hydra    0.11.4   any
ory     hydra    0.11.6   any
ory     hydra    0.11.7   any
ory     hydra    0.11.9   any
ory     hydra    0.11.10  any
ory     hydra    0.11.12  any
ory     hydra    0.11.14  any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any
ory     hydra    1.0.0    any

References 5

  • drive.google.com https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk
    Release Notes, Third Party Advisory
  • github.com https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06
    Release Notes, Third Party Advisory
  • github.com https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3
    Patch, Third Party Advisory
  • hackerone.com https://hackerone.com/reports/456333
    Exploit, Issue Tracking, Third Party Advisory
  • youtube.com https://www.youtube.com/watch?v=RIyZLeKEC8E
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3
    Patch, Third Party Advisory