GHSA-xm3x-4ph3-3x9c

Опубликовано: 15 мая 2024

Источник: github

Github: Прошло ревью

Описание

friendsofsymfony/oauth2-php open redirection in oauth

An open redirection vulnerability has been identified in the friendsofsymfony/oauth2-php library, which could potentially expose users to unauthorized redirects during the OAuth authentication process. This vulnerability has been addressed by implementing an exact check for the domain and port, ensuring more secure redirection.

Ссылки

https://github.com/FriendsOfSymfony/oauth2-php/commit/606b8ea1c3c927c272ac1409116332ad5a2ed94c
https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/oauth2-php/2020-03-03-1.yaml
https://github.com/FriendsOfSymfony/oauth2-php/releases/tag/1.3.0

Пакеты

Наименование

friendsofsymfony/oauth2-php

composer

Затронутые версииВерсия исправления

< 1.3.0

1.3.0