
5 matches found

OSV
added 2020/09/03 3:49 p.m., 6 views

GHSA-65M9-M259-7JQW Improper Authorization in react-oauth-flow

All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. Recommendation No fix ...

AI score: 7
Exploits: 0, References: 3
Github Security Blog
added 2020/09/03 3:49 p.m., 25 views

Improper Authorization in react-oauth-flow

All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. Recommendation No fix ...

AI score: 5.1
Exploits: 0, References: 3, Affected Software: 1
vulnersOsv
added 2020/09/03 3:49 p.m., 2 views

@rebelware/fibonacci-generator (=0.0.3), react-oauth2-auth-code-flow (>=1.0.0 <=1.0.2) potentially affected by unknown CVE via react-oauth-flow (=1.2.0)

react-oauth-flow NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-oauth-flow and may be impacted:
- @rebelware/fibonacci-generator =0.0.3
- react-oauth2-auth-code-flow =1.0.0, =1.0.2

Source cves: unknown CVE Source advisory:...

AI score: 5.8
Exploits: 0
Veracode
added 2020/03/02 12:37 a.m., 5 views

Information Disclosure

react-oauth-flow is vulnerable to information disclosure. The vulnerability exists as it stores secrets in the front-end instead of using a properly implemented OAuth client...

AI score: 1.7
Exploits: 0
Node.js
added 2020/02/28 2:0 p.m., 17 views

Improper Authorization

Overview All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. Recommendatio...

AI score: 6.8
Exploits: 0, Affected Software: 1