### Impact

All versions of @fastify/oauth2 used a statically generated `state` parameter at startup time and were used across all requests for all users. The purpose of the OAuth2 `state` parameter is ...
July 7, 2023
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality o ...
July 7, 2023
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey cons ...
July 7, 2023
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication byp ...
July 1, 2023
SaaS Security: In today's fast-paced digital landscape, the widespread adoptio ...
July 1, 2023
Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth clients.
July 1, 2023