CVE-2023-50708 in yii2-authclientinformazioni

Riassunto

di MITRE • 22/12/2023

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

GitHub, Inc.

Prenotare

11/12/2023

Divulgazione

22/12/2023

Moderazione

accettato

CPE

pronto

EPSS

0.00716

KEV

no

Attività

molto basso

Fonti

Might our Artificial Intelligence support you?

Check our Alexa App!