4 matches found
@akanjs/document (>=0.0.29 <=0.0.45), @akanjs/nest (>=0.0.4 <=1.0.21) +117 more potentially affected by CVE-2021-41580 via passport-oauth2 (>=1.1.1 <=1.6.0)
passport-oauth2 NPM version =1.1.1, =0.0.29, =0.0.4, =0.0.4, =0.0.29, =0.0.32, =0.0.0-nightly-2020972106, =0.0.0-nightly-202201422556, =0.1.0, =0.1.0, =0.4.0, =0.0.2, =0.3.2 and more Source cves: CVE-2021-41580 Source advisory: OSV:GHSA-F794-R6XC-HF3V...
CVE-2021-41580
The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...
CVE-2021-41580
The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...
CVE-2021-41580
CVE-2021-41580 affects the passport-oauth2 package prior to 1.6.1 for Node.js. The root issue is mishandling of the error condition when failing to obtain an access token, which can be exploited when an OAuth provider reports authentication failures with HTTP 200 and the application grants author...