oauthenticator@16.0.7 vulnerabilities

OAuthenticator: Authenticate JupyterHub users with common OAuth providers

latest version

16.3.0
latest non vulnerable version

16.3.0
first published

8 years ago
latest version published

2 months ago
licenses detected
- BSD-2-Clause
  [0,)
View oauthenticator package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the oauthenticator package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Authentication Bypass Affected versions of this package are vulnerable to Authentication Bypass that relies on membership in a Google organization/workspace for authentication by matching the `GoogleOAuthenticator.hosted_domain`. An attacker in possession of an illegitimate email address on a legitimate Google domain can gain unauthorized access to a JupyterHub. How to fix Authentication Bypass? Upgrade `oauthenticator` to version 16.3.0 or higher.	[,16.3.0)

Authentication Bypass

Affected versions of this package are vulnerable to Authentication Bypass that relies on membership in a Google organization/workspace for authentication by matching the GoogleOAuthenticator.hosted_domain. An attacker in possession of an illegitimate email address on a legitimate Google domain can gain unauthorized access to a JupyterHub.

How to fix Authentication Bypass?

Upgrade oauthenticator to version 16.3.0 or higher.

[,16.3.0)

Go back to all versions of this package

oauthenticator@16.0.7 vulnerabilities

OAuthenticator: Authenticate JupyterHub users with common OAuth providers

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities