4 matches found
CVE-2023-37260
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...
CVE-2023-37260
creationtimestamp| type| source ---|---|--- 2023-07-06 20:20:35+00:00| seen| https://t.me/cibsecurity/66146...
CVE-2023-37260 league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...
CVE-2023-37260
The CVE-2023-37260 issue affects league/oauth2-server (PHP). Root cause: when a server passed a CryptKey as a string instead of a file path and no valid pass phrase was provided, the key could be exposed in a LogicException message. Impact stated: potential exposure of the key in exception messag...