5 matches found
GO-2026-4586 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling in github.com/OliveTin/OliveTin
OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling in github.com/OliveTin/OliveTin. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
GHSA-45M3-398W-M2M9 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling
Summary An unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic fatal error: concurrent map writes and process termination. This...
EUVD-2023-2056
Malicious code in bioql PyPI...
GHSA-G8X5-P9QC-CF95 @fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
Impact All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be...
GHSA-HGXV-3497-3HHJ Duplicate Advisory: @fastify/oauth2 Oauth2 state parameter reuse
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g8x5-p9qc-cf95. This link is maintained to preserve external references. Original Description All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all...