Описание
Improper Authorization in react-oauth-flow
All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
Пакеты
Наименование
react-oauth-flow
npm
Затронутые версииВерсия исправления
>= 0.0.0
Отсутствует
Дефекты
CWE-285
Дефекты
CWE-285