Improper Authorization in react-oauth-flow
All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. No fix is currently available. Consider using an alternative module until a fix is made available.