Lucene search
GoogleOSV:GHSA-2FW4-MGQ9-39CXHistoryApr 22, 2021 - 3:53 p.m.
Code Injection in oauth2-server
2021-04-2215:53:45
Google
osv.dev
6
0.007 Low
EPSS
Percentile
79.8%
“oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states ‘As RFC7636 is an extension, I think the claim in the Readme of “RFC 6749 compliant” is valid and not misleading and I also therefore wouldn’t describe this as a “vulnerability” with the library per se.’”
| CPE | Name | Operator | Version |
|---|---|---|---|
| oauth2-server | le | 3.1.1 |
Related
cve
cve
CVE-2017-18924
2020-10-04 05:15:12
CVE-2020-7692
2020-07-09 14:15:11
github
github
Code Injection in oauth2-server
2021-04-22 15:53:45
Improper Authorization in Google OAuth Client
2021-09-28 16:16:52
prion
prion
Authorization
2020-10-04 05:15:00
Authorization
2020-07-09 14:15:00
cvelist
cvelist
CVE-2017-18924
2020-10-04 04:38:47
CVE-2020-7692 Improper Authorization
2020-07-09 00:00:00
nvd
nvd
CVE-2017-18924
2020-10-04 05:15:12
CVE-2020-7692
2020-07-09 14:15:11
nodejs
nodejs
Code Injection
2021-05-04 04:19:25
osv
osv
Improper Authorization in Google OAuth Client
2021-09-28 16:16:52
CVE-2020-7692
2020-07-09 14:15:11
ibm
ibm
ubuntucve
ubuntucve
CVE-2020-7692
2020-07-09 00:00:00
debiancve
debiancve
CVE-2020-7692
2020-07-09 14:15:11
veracode
veracode
Improper Authorization
2020-07-13 05:26:51
nessus
nessus
JFrog Artifactory < 7.10.2 Authentication Bypass
2020-12-16 00:00:00
JFrog < 6.23.0 Multiple Vulnerabilities
2021-03-12 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2023:6172)
2024-04-28 00:00:00
redhatcve
redhatcve
CVE-2020-7692
2020-07-13 13:52:00
redhat
redhat