26 matches found

NVD
added 2020/10/04 5:15 a.m. · 22 views

CVE-2017-18924

oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...

CVSS 7.5 · EPSS 0.0219
Exploits 1 · References 5
OSV
added 2020/10/04 5:15 a.m. · 6 views

CVE-2017-18924

oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...

CVSS 7.5 · AI score 9.6
Exploits 0 · References 5
Prion
added 2020/10/04 5:15 a.m. · 27 views

Authorization

DISPUTED oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid...

CVSS 5 · AI score 8.4 · EPSS 0.0219
Exploits 2 · References 5 · Affected Software 1
Cvelist
added 2020/10/04 4:38 a.m. · 23 views

CVE-2017-18924

oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...

AI score 8.4 · EPSS 0.0219
Exploits 1 · References 5
CVE
added 2020/10/04 4:38 a.m. · 96 views

CVE-2017-18924

CVE-2017-18924 concerns oauth2-server (node-oauth2-server) up to version 3.1.1, which implements OAuth 2.0 without PKCE. The description states it does not prevent authorization code injection, similar to CVE-2020-7692, and notes the vendor’s stance that RFC7636 is an extension and the RFC 6749 c...

CVSS 7.5 · AI score 8.3 · EPSS 0.0219
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2020/10/04 12:00 a.m. · 6 views

PT-2020-8469 · Unknown · Oauth2-Server

Name of the Vulnerable Software and Affected Versions: oauth2-server aka node-oauth2-server versions 3.1.1 and earlier. Description: The issue is related to the implementation of OAuth 2.0 without PKCE, which does not prevent authorization code injection. This is similar to a previously known issu...

CVSS 7.5 · AI score 7.6 · EPSS 0.0219
Exploits 1 · References 10