2 matches found
CVE-2026-41213
@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...
Shrinking the Generation-Verification Gap with Weak Verifiers
Verifiers can improve language model capabilities by scoring and ranking responses from generated candidates. Currently, high-quality verifiers are either unscalable e.g., humans or limited in utility e.g., tools like Lean. While LM judges and reward models have become broadly useful as...