EUVD-2023-2165

Malicious code in bioql PyPI...

GHSA-WJ7Q-GJG8-3CPM league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase

Impact Servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. Patches This issue has been patched so that the provided key is...

CVE-2023-37260

The CVE-2023-37260 issue affects league/oauth2-server (PHP). Root cause: when a server passed a CryptKey as a string instead of a file path and no valid pass phrase was provided, the key could be exposed in a LogicException message. Impact stated: potential exposure of the key in exception messag...

oauth2-server 安全漏洞

oauth2-server is a standards-compliant implementation of OAuth 2.0 authorization server written in PHP for individual developers . Provides authentication and authorization capabilities for applications to secure APIs. A security vulnerability exists in oauth2-server versions prior to 8.3.2 throu...