passport-oauth2 up to 1.6.0 on Node.js OAuth Identity Provider improper authentication [Disputed]

A vulnerability was found in passport-oauth2 up to 1.6.0 on Node.js (JavaScript Library). It has been classified as critical. Affected is an unknown function of the component OAuth Identity Provider Handler. Upgrading to version 1.6.1 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 8e3bcdff145a2219033bd782fc517229fe3e05ea is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-53290 : DELL WYSE PROPRIETARY OS 2408 COMMAND INJECTION

CVE-2024-53290 : DELL WYSE PROPRIETARY OS 2408 COMMAND INJECTION

Description Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability. An

CVE-2024-35117 : IBM OPENPAGES WITH WATSON 9.0 TRACING LOG FILE CLEARTEXT STORAGE

CVE-2024-35117 : IBM OPENPAGES WITH WATSON 9.0 TRACING LOG FILE CLEARTEXT STORAGE

Description IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

Description In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC)