Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14bTN4LTRwaDMtM3g5Y84AA8IU
friendsofsymfony/oauth2-php open redirection in oauth
An open redirection vulnerability has been identified in the friendsofsymfony/oauth2-php library; it could expose users to unauthorized redirects during the OAuth authentication process. The vulnerability has been addressed by implementing an exact check of the domain and port, so that redirection is only permitted to the registered destination.
Permalink: https://github.com/advisories/GHSA-xm3x-4ph3-3x9c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14bTN4LTRwaDMtM3g5Y84AA8IU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 7 months ago
Identifiers: GHSA-xm3x-4ph3-3x9c
References:
- https://github.com/FriendsOfSymfony/oauth2-php/commit/606b8ea1c3c927c272ac1409116332ad5a2ed94c
- https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/oauth2-php/2020-03-03-1.yaml
- https://github.com/FriendsOfSymfony/oauth2-php/releases/tag/1.3.0
- https://github.com/advisories/GHSA-xm3x-4ph3-3x9c
Blast Radius: 0.0
Affected Packages
packagist:friendsofsymfony/oauth2-php
Dependent packages: 30
Dependent repositories: 686
Downloads: 16,249,628 total
Affected Version Ranges: < 1.3.0
Fixed in: 1.3.0
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.2.3
All unaffected versions: 1.3.0, 1.3.1