6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15234

GHSA ID

GHSA-grfp-q2mm-hfp6

EPSS Score

0.48761%

CWE

CWE-20

Published

5/24/2021

Updated

2/1/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-15234

CVE-2020-15234: Redirect URL matching ignores character casing

Impact

Before version v0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint where compared using strings.ToLower while they should have been compared with a simple string match:

Registering a client with allowed redirect URL https://example.com/callback
Performing OAuth2 flow and requesting redirect URL https://example.com/CALLBACK
Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request for example).

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15234

GHSA ID

GHSA-grfp-q2mm-hfp6

EPSS Score

0.48761%

CWE

CWE-20

Published

5/24/2021

Updated

2/1/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/ory/fosite	go	< 0.34.1	0.34.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from two key issues in URL validation: 1) Case-insensitive comparison via strings.ToLower in isMatchingRedirectURI's main check, and 2) Insufficient validation in isLoopbackURI that didn't match hostnames exactly or verify query parameters. The commit replaced strings.ToLower with direct string comparison and renamed/rewrote isLoopbackURI as isMatchingAsLoopback with stricter checks, confirming these were the vulnerable functions. Test cases removing case variation validations further support this analysis.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t ***or* v*rsion v*.**.*, t** O*ut* *.* *li*nt's r**ist*r** r**ir**t URLs *n* t** r**ir**t URL provi*** *t t** O*ut** *ut*oriz*tion *n*point w**r* *omp*r** usin* `strin*s.ToLow*r` w*il* t**y s*oul* **v* ***n *omp*r** wit* * simpl* strin* m*

Reasoning

T** vuln*r**ility st*mm** *rom two k*y issu*s in URL v*li**tion: *) **s*-ins*nsitiv* *omp*rison vi* `strin*s.ToLow*r` in `isM*t**in*R**ir**tURI`'s m*in ****k, *n* *) Insu**i*i*nt v*li**tion in `isLoop***kURI` t**t *i*n't m*t** *ostn*m*s *x**tly or v*

6.1

Basic Information

Concerned about an active attack path?

CVE-2020-15234: Redirect URL matching ignores character casing

Impact

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI