Open Redirect

2019-03-2205:00:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

41.8%

JSON

doorkeeper-openid_connect is vulnerable to open redirect. The attack exists because it does not filter redirect_uri in OAuth authorization request when handling custom parameters, causing an error response with the openid scope and a prompt=none value.