oauth2-server@2.4.1 vulnerabilities
Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js
-
latest version
3.1.1
-
first published
14 years ago
-
latest version published
4 years ago
-
licenses detected
- >=2.2.2 <3.0.0-b1
Direct Vulnerabilities
Known vulnerabilities in the oauth2-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
oauth2-server is a Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when the value of the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
*
|
oauth2-server is a Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js Affected versions of this package are vulnerable to Access Restriction Bypass via implementation of OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: this vulnerability is disputed by the vendor, who states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not misleading and I also therefore wouldn't describe this as a "vulnerability" with the library per se.' How to fix Access Restriction Bypass? There is no fixed version for |
*
|