Improper Authorization

Affecting react-oauth-flow package, versions >=0.0.0

Overview

react-oauth-flow is a small library to simplify the use of OAuth2 authentication inside your react applications.

This package has been deprecated by the maintainer.

Affected versions of this package are vulnerable to Improper Authorization because the package fails to properly implement the OAuth protocol. It stores secrets in the front-end code: instead of using a public OAuth client, it uses a confidential client in the browser.
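
The contrast the overview draws, as an added JavaScript example (not code from react-oauth-flow or from this advisory): a public client proves itself with a per-login PKCE verifier (RFC 7636, a mechanism this page does not name), while a confidential client's token request needs a `client_secret` that anyone can read once it ships in front-end code. The endpoint, client id, redirect URI and all function names are constructed placeholders; Node's `crypto` module is used so the block runs offline.

```javascript
// Added example, not react-oauth-flow code: authorization code flow with PKCE
// (RFC 7636) for a public client. URLs and client id are constructed placeholders.
const crypto = require('crypto');

const AUTHORIZE_URL = 'https://idp.example/authorize'; // placeholder endpoint
const CLIENT_ID = 'spa-public-client';                 // placeholder, not a secret
const REDIRECT_URI = 'https://app.example/callback';   // placeholder

const b64url = (buf) => buf.toString('base64url');

// code_verifier: 32 random bytes -> 43 base64url characters (RFC 7636, 4.1).
function newVerifier() {
  return b64url(crypto.randomBytes(32));
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), method S256.
function challengeFor(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Step 1: the browser is redirected here; only the challenge leaves the client.
function authorizationUrl(verifier, state) {
  const u = new URL(AUTHORIZE_URL);
  u.search = new URLSearchParams({
    response_type: 'code', client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    state, code_challenge: challengeFor(verifier), code_challenge_method: 'S256',
  }).toString();
  return u.toString();
}

// Step 2: token request body for a public client. The one-time verifier binds
// the code to this login; there is no client_secret to ship in the bundle.
function publicTokenRequest(code, verifier) {
  return new URLSearchParams({
    grant_type: 'authorization_code', code, redirect_uri: REDIRECT_URI,
    client_id: CLIENT_ID, code_verifier: verifier,
  });
}

// For contrast, the pattern the advisory describes: a confidential-client
// request built in the browser has to embed a long-lived secret in served code.
function confidentialTokenRequest(code, clientSecret) {
  return new URLSearchParams({
    grant_type: 'authorization_code', code, redirect_uri: REDIRECT_URI,
    client_id: CLIENT_ID, client_secret: clientSecret,
  });
}
```
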

Remediation

There is no fixed version for react-oauth-flow.

CVSS Score

7.5 (high severity)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit: Matthew Huang
CWE: CWE-255
Snyk ID: SNYK-JS-REACTOAUTHFLOW-559019
Disclosed: 28 Feb, 2020
Published: 28 Feb, 2020