Open Redirect Affecting github.com/pusher/oauth2_proxy Open this link in a new tab package, versions <5.0.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
31 Jan 2020
30 Jan 2020
How to fix?
github.com/pusher/oauth2_proxy to version 5.0.0 or higher.
github.com/pusher/oauth2_proxy is a reverse proxy that provides authentication with Google, Github or other providers.
Affected versions of this package are vulnerable to Open Redirect. The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect. Authentication tokens could be silently harvested by an attacker.