Yii2-authclient Security Vulnerabilities and Issues — Yii2-authclient CVE List

Lucene search

YiisoftYii2-authclient

1 matches found

CVE•added 2023/12/22 7:15 p.m.•64 views

CVE-2023-50708

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 state and OpenID Connect nonce is vulnerable for a timing attack since it is compared via regular string comparison (inste...

9.8CVSS7.8AI score0.00162EPSS