Yii2-authclient@* Security Vulnerabilities and Issues — Yii2-authclient@* CVE List

Lucene search

YiisoftYii2-authclient*

2 matches found

CVE•added 2023/12/22 7:15 p.m.•63 views

CVE-2023-50708

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 state and OpenID Connect nonce is vulnerable for a timing attack since it is compared via regular string comparison (inste...

9.8CVSS7.8AI score0.00162EPSS

CVE•added 2023/12/22 7:15 p.m.•57 views

CVE-2023-50714

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the authCodeVerifier should be removed after usage (similar to authState...

8.8CVSS7.5AI score0.00114EPSS