3 matches found
Feathers has an OAuth Callback Account Takeover issue
An unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's authentication payload has a fallback chain that reaches params.query (the raw request query) when Grant's session/state responses are empt...
Feathers information disclosure vulnerability
Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. Feathers versions 5.0.39 and earlier contained an information leakage vulnerability. This vulnerability stemmed from the fact that all HTT...
Feathers security vulnerability
Feathers is a lightweight web framework from the Feathers open source project, used to create APIs and real-time applications using TypeScript or JavaScript. feathers-sequelize has a security vulnerability that stems from the cleanQuery function using insecure recursive logic, which can lead to...