GHSA-xm3x-4ph3-3x9c – friendsofsymfony/oauth2-php
Package
Manager: composer
Name: friendsofsymfony/oauth2-php
Vulnerable Version: >=0 <1.3.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
friendsofsymfony/oauth2-php open redirection in oauth

An open redirection vulnerability has been identified in the friendsofsymfony/oauth2-php library. It could expose users to unauthorized redirects during the OAuth authentication process. The vulnerability has been addressed by implementing an exact check for the domain and port, ensuring more secure redirection.
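An exact domain-and-port check of the kind the fix describes, as an added example (not the library's code; the function names and sample URIs are hypothetical). It also compares the scheme and rejects userinfo, which are assumptions beyond what the advisory states, and it leaves path matching out.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not the friendsofsymfony/oauth2-php API.

/** Reduce a URI to [scheme, host, port], or null if it is not an absolute http(s) URI. */
function redirectOrigin(string $uri): ?array
{
    $parts = parse_url($uri);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Userinfo ("https://client.example@other.test/") has no place in a redirect URI.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    $defaults = ['http' => 80, 'https' => 443];
    if (!isset($defaults[$scheme])) {
        return null; // assumption: only http(s) redirect URIs are registered
    }
    // A missing port means the scheme default, so ":443" and no port compare equal.
    return [$scheme, strtolower($parts['host']), $parts['port'] ?? $defaults[$scheme]];
}

/** True only when scheme, host and port all match the registered URI exactly. */
function redirectUriAllowed(string $registered, string $requested): bool
{
    $want = redirectOrigin($registered);
    $got = redirectOrigin($requested);
    return $want !== null && $got !== null && $want === $got;
}

// Constructed sample inputs.
$registered = 'https://client.example/callback';
$candidates = [
    'https://client.example/callback?code=abc',   // same host and port: allow
    'https://client.example:443/callback',        // explicit default port: allow
    'https://client.example.other.test/callback', // registered host is only a prefix: reject
    'https://client.example:8443/callback',       // different port: reject
    'https://client.example@other.test/callback', // registered host sits in userinfo: reject
];
foreach ($candidates as $uri) {
    printf("%-45s %s\n", $uri, redirectUriAllowed($registered, $uri) ? 'allow' : 'reject');
}
```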
Metadata
Created: 2024-05-15T21:39:29Z
Modified: 2024-05-15T21:39:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-xm3x-4ph3-3x9c/GHSA-xm3x-4ph3-3x9c.json
CWE IDs: []
Alternative ID: N/A
Finding: F007
Auto approve: 1