GHSA-xm3x-4ph3-3x9c: friendsofsymfony/oauth2-php open redirection in oauth
An open redirection vulnerability has been identified in the friendsofsymfony/oauth2-php library, which could potentially expose users to unauthorized redirects during the OAuth authentication process. This vulnerability has been addressed by implementing an exact check for the domain and port, ensuring more secure redirection.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/oauth2-php/2020-03-03-1.yaml
- github.com/FriendsOfSymfony/oauth2-php
- github.com/FriendsOfSymfony/oauth2-php/commit/606b8ea1c3c927c272ac1409116332ad5a2ed94c
- github.com/FriendsOfSymfony/oauth2-php/releases/tag/1.3.0
- github.com/advisories/GHSA-xm3x-4ph3-3x9c
Code Behaviors & Features
Detect and mitigate GHSA-xm3x-4ph3-3x9c with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →