Lucene search
MitreCVELIST:CVE-2017-18924HistoryOct 04, 2020 - 4:38 a.m.
CVE-2017-18924
2020-10-0404:38:47
mitre
www.cve.org
5
oauth2-server
oauth 2.0
pkce
authorization code injection
rfc7636
oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of “RFC 6749 compliant” is valid and not misleading and I also therefore wouldn’t describe this as a “vulnerability” with the library per se.
Related
cve
cve
CVE-2017-18924
2020-10-04 05:15:12
CVE-2020-7692
2020-07-09 14:15:11
github
github
Code Injection in oauth2-server
2021-04-22 15:53:45
Improper Authorization in Google OAuth Client
2021-09-28 16:16:52
osv
osv
Code Injection in oauth2-server
2021-04-22 15:53:45
Improper Authorization in Google OAuth Client
2021-09-28 16:16:52
CVE-2020-7692
2020-07-09 14:15:11
nvd
nvd
CVE-2017-18924
2020-10-04 05:15:12
CVE-2020-7692
2020-07-09 14:15:11
prion
prion
Authorization
2020-10-04 05:15:00
Authorization
2020-07-09 14:15:00
nodejs
nodejs
Code Injection
2021-05-04 04:19:25
ibm
ibm
ubuntucve
ubuntucve
CVE-2020-7692
2020-07-09 00:00:00
debiancve
debiancve
CVE-2020-7692
2020-07-09 14:15:11
nessus
nessus
JFrog Artifactory < 7.10.2 Authentication Bypass
2020-12-16 00:00:00
JFrog < 6.23.0 Multiple Vulnerabilities
2021-03-12 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2023:6172)
2024-04-28 00:00:00
cvelist
cvelist
CVE-2020-7692 Improper Authorization
2020-07-09 13:20:16
veracode
veracode
Improper Authorization
2020-07-13 05:26:51
redhatcve
redhatcve
CVE-2020-7692
2020-07-13 13:52:00
redhat
redhat