@cloudflare/workers-oauth-provider@0.0.0-239e753 vulnerabilities
OAuth provider for Cloudflare Workers
latest version
0.0.12
latest non vulnerable version
first published
7 months ago
latest version published
8 days ago
Direct Vulnerabilities
Known vulnerabilities in the @cloudflare/workers-oauth-provider package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@cloudflare/workers-oauth-provider is an OAuth provider for Cloudflare Workers Affected versions of this package are vulnerable to Open Redirect due to the missing validation of the redirect URI on the authorize endpoint. An attacker can impersonate a user and potentially steal credentials by tricking a victim into visiting a malicious website. This is only exploitable if the OAuth server's authorized callback is designed to auto-approve authorizations that appear to come from an OAuth client that the victim has previously authorized. How to fix Open Redirect? Upgrade | <0.0.5 |
@cloudflare/workers-oauth-provider is an OAuth provider for Cloudflare Workers Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the implementation of the PKCE mechanism. An attacker can bypass the PKCE protection by performing a downgrade attack. This is only exploitable if the server is configured to accept OAuth 2.0 instead of the required OAuth 2.1. How to fix Improper Verification of Cryptographic Signature? Upgrade | <0.0.5 |