Open Redirect in oauth2_proxy
Moderate severity
GitHub Reviewed
Published
Dec 20, 2021
to the GitHub Advisory Database
•
Updated Sep 27, 2023
Package
Affected versions
< 2.2.0
Patched versions
2.2.0
Description
Reviewed
May 19, 2021
Published to the GitHub Advisory Database
Dec 20, 2021
Last updated
Sep 27, 2023
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819
References