Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

github.com/oauth2-proxy/oauth2-proxy/v7

go

View on github.com · View on proxy.golang.org

Security Advisories for github.com/oauth2-proxy/oauth2-proxy/v7 in go

High
about 2 months ago

OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex GSA_kwCzR0hTQS1weHE3LWg5M2YtOWpyZ84ABVVd

go github.com/oauth2-proxy/oauth2-proxy/v7
Moderate
about 2 months ago

OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims GSA_kwCzR0hTQS1jNWM0LThyNngtNTZ3M84ABVVc

go github.com/oauth2-proxy/oauth2-proxy/v7
Critical
about 2 months ago

OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing GSA_kwCzR0hTQS03eDYzLXh2NXItM3AyeM4ABVVb

go github.com/oauth2-proxy/oauth2-proxy/v7
Critical
about 2 months ago

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode GSA_kwCzR0hTQS01aHZ2LW00dzQtZ2Y2ds4ABVSz

go github.com/oauth2-proxy/oauth2-proxy, github.com/oauth2-proxy/oauth2-proxy/v7
Low
about 2 months ago

OAuth2 Proxy's session cookies are not cleared when rendering sign-in page GSA_kwCzR0hTQS1mMjR4LTVnOXEtNzUzZs4ABVSy

go github.com/oauth2-proxy/oauth2-proxy/v7
High
7 months ago

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation GSA_kwCzR0hTQS12anJjLW1oMnYtNDV4Ns4ABOfe

go github.com/oauth2-proxy/oauth2-proxy/v7
Critical
10 months ago

OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion GSA_kwCzR0hTQS03cmg3LWM3N3YtNjQzNM4ABKqh

go github.com/oauth2-proxy/oauth2-proxy/v7
Moderate
10 months ago

OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0 GSA_kwCzR0hTQS02NTJ4LW0yZ3ItaHBwbc4ABKqL

go github.com/oauth2-proxy/oauth2-proxy/v7
Low
about 5 years ago

Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtZjItZjN3aC1ndmYy

go github.com/oauth2-proxy/oauth2-proxy, github.com/oauth2-proxy/oauth2-proxy/v7

Filter by Severity

Critical 3 Moderate 2 Low 2 High 2