passport-oauth2 v1.6.1 #851
jaredhanson
announced in
Announcements
A pull request raised concerns over a potential scenario which would allow improper authentication when using passport-oauth2 (and strategies based on passport-oauth2). Since security of Passport and related packages is of highest priority, an assessment has been performed and details have been published. To briefly summarize, I don't believe the report constitutes a legitimate security vulnerability, and there is no evidence of exploits.
That being said, the modifications suggested by the pull request add additional safeguards as part of a defense in depth approach. These safeguards are available in passport-oauth2@1.6.1.