passport-oauth2 up to 1.6.0 on Node.js OAuth Identity Provider improper authentication

A vulnerability was found in passport-oauth2 up to 1.6.0 on Node.js (JavaScript Library). It has been classified as critical. Affected is an unknown function of the component OAuth Identity Provider Handler. Upgrading to version 1.6.1 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 8e3bcdff145a2219033bd782fc517229fe3e05ea is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-1401 : DEVICE42 ASSET MANAGEMENT APPLIANCE PRIOR 18.01.00 WRIMAGERESOURCE.ADX ACCESS CONTROL

CVE-2022-1401 : DEVICE42 ASSET MANAGEMENT APPLIANCE PRIOR 18.01.00 WRIMAGERESOURCE.ADX ACCESS CONTROL

Description Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker

CVE-2022-36310 : AIRSPAN AIRVELOCITY 1500 PRIOR 15.18.00.2511 SNMPD INHERENTLY DANGEROUS FUNCTION

CVE-2022-36310 : AIRSPAN AIRVELOCITY 1500 PRIOR 15.18.00.2511 SNMPD INHERENTLY DANGEROUS FUNCTION

Description Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with

CVE-2022-2814 : SOURCECODESTER SIMPLE AND NICE SHOPPING CART SCRIPT /MKSHOPE/LOGIN.PHP MSG CROSS SITE SCRIPTING

CVE-2022-2814 : SOURCECODESTER SIMPLE AND NICE SHOPPING CART SCRIPT /MKSHOPE/LOGIN.PHP MSG CROSS SITE SCRIPTING

Description A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by