Lucene search
K

5 matches found

OSV
OSV
added 2026/03/10 6:28 p.m.5 views

GO-2026-4586 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling in github.com/OliveTin/OliveTin

OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling in github.com/OliveTin/OliveTin. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References3
OSV
OSV
added 2026/03/02 9:41 p.m.5 views

GHSA-45M3-398W-M2M9 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling

Summary An unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic fatal error: concurrent map writes and process termination. This...

7.5CVSS6.1AI score0.00394EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2056

Malicious code in bioql PyPI...

8.8CVSS8AI score0.00679EPSS
Exploits1References7
OSV
OSV
added 2023/07/05 9:36 p.m.34 views

GHSA-G8X5-P9QC-CF95 @fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state

Impact All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be...

7.4CVSS7.9AI score0.00679EPSS
Exploits1References6
OSV
OSV
added 2023/07/04 6:30 p.m.8 views

GHSA-HGXV-3497-3HHJ Duplicate Advisory: @fastify/oauth2 Oauth2 state parameter reuse

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g8x5-p9qc-cf95. This link is maintained to preserve external references. Original Description All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all...

8.8CVSS8.7AI score0.00679EPSS
Exploits1References5
Rows per page
Query Builder