@fastify/oauth2@5.1.0 vulnerabilities

Perform login using oauth2 protocol

Direct Vulnerabilities

Known vulnerabilities in the @fastify/oauth2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Cross-site Request Forgery (CSRF) (severity: H)

@fastify/oauth2 performs login using the OAuth2 protocol.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to mishandling of the OAuth2 state parameter, which is not kept unique among users.

NOTE: The fix for this vulnerability contains a breaking change in the checkStateFunction function, which now accepts the full Request object.

NOTE: This vulnerability is also referred to by CVE-2023-31999.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade @fastify/oauth2 to version 7.2.0 or higher.

Vulnerable versions: <7.2.0