Fluid Attacks Database

Description

friendsofsymfony/oauth2-php open redirection in oauth An open redirection vulnerability has been identified in the friendsofsymfony/oauth2-php library, which could potentially expose users to unauthorized redirects during the OAuth authentication process. This vulnerability has been addressed by implementing an exact check for the domain and port, ensuring more secure redirection.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	friendsofsymfony/oauth2-php	>=0 <1.3.0	1.3.0

Aliases

1. GCVE-GHSA-xm3x-4ph3-3x9c

References

1. https://github.com/FriendsOfSymfony/oauth2-php/commit/606b8ea1c3c927c272ac1409116332ad5a2ed94c2. https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/oauth2-php/2020-03-03-1.yaml3. https://github.com/FriendsOfSymfony/oauth2-php/releases/tag/1.3.0

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.