2 matches found
CVE-2017-18924
CVE-2017-18924 concerns oauth2-server (node-oauth2-server) up to version 3.1.1, which implements OAuth 2.0 without PKCE. The description states it does not prevent authorization code injection, similar to CVE-2020-7692, and notes the vendor’s stance that RFC7636 is an extension and the RFC 6749 c...
CVE-2020-26938
CVE-2020-26938 affects oauth2-server/node-oauth2-server