@goauthentik/web@0.0.8 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @goauthentik/web package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • H
Incorrect Regular Expression

Affected versions of this package are vulnerable to Incorrect Regular Expression due to the insecure handling of OAuth2 redirect URIs, which are checked by RegEx comparison without proper escaping of special characters. An attacker can manipulate the validation process by registering a domain that closely resembles the intended domain, thus bypassing the validation checks.
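The failure mode described above, as an added example (not code from authentik or from this advisory): it assumes a validator that uses the registered redirect URI directly as a regular-expression pattern, and every function name and URI in it is constructed. It puts the weak comparison beside an escaped and an exact-match form, with a small audit helper for spotting registered URIs that a regex comparison would interpret.

```javascript
// Added illustration: function names and URIs are constructed, not authentik code.

// Weak form (assumed): the registered redirect URI is used directly as a regex
// pattern, so an unescaped "." matches any character, not only a literal dot.
function matchesAsRegex(registered, candidate) {
  return new RegExp(`^(?:${registered})$`).test(candidate);
}

// Escape every regex metacharacter so the pattern can only match itself.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Strict form: exact string comparison, no pattern semantics at all.
function matchesExact(registered, candidate) {
  return registered === candidate;
}

// Audit helper: list the distinct metacharacters in a registered URI that are
// not preceded by a backslash, i.e. the ones a regex comparison would interpret.
function findUnescapedMetachars(registered) {
  const withoutEscapes = registered.replace(/\\./g, "");
  return [...new Set(withoutEscapes.match(/[.*+?^${}()|[\]]/g) || [])];
}

// Constructed sample data.
const REGISTERED = "https://app.example.com/callback";
const LOOKALIKE = "https://appXexample.com/callback";

function demo() {
  return {
    regexAcceptsLookalike: matchesAsRegex(REGISTERED, LOOKALIKE),
    escapedAcceptsLookalike: matchesAsRegex(escapeRegExp(REGISTERED), LOOKALIKE),
    escapedAcceptsGenuine: matchesAsRegex(escapeRegExp(REGISTERED), REGISTERED),
    exactAcceptsLookalike: matchesExact(REGISTERED, LOOKALIKE),
    flagged: findUnescapedMetachars(REGISTERED),
  };
}

console.log(demo());
```

Running `findUnescapedMetachars` over the redirect URIs already registered for each OAuth2 client shows which entries would match more than their literal text under a regex comparison.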

How to fix Incorrect Regular Expression?

There is no fixed version for @goauthentik/web.

Vulnerable version: *