In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Authorization Bypass Through User-Controlled Key vulnerabilities in an interactive lesson.
Start learningUpgrade alextselegidis/easyappointments to version 1.6.0 or higher.
alextselegidis/easyappointments is a powerful Open Source Appointment Scheduler that can be installed on your server.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the oauth_callback process. An attacker can access and modify another user's Google sync configuration by rebinding a peer provider's Google account to one they control, resulting in unauthorized synchronization of appointment data, including customer names and emails, into the attacker's calendar.