Security: CORDEA/oauth
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
state parameter for authz code and implicit grants is checked using assert. This will be omitted in -d:danger and --assertions:off builds leading to a CSRF vulnerabilityGHSA-pc9j-53g7-5x54 published
Aug 13, 2024 by CORDEAModerate -
Insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNGGHSA-332c-q46h-fg8f published
Aug 13, 2024 by CORDEAModerate
Learn more about advisories related to CORDEA/oauth in the GitHub Advisory Database