A pull request raised concerns over a potential scenario which would allow improper authentication when using passport-oauth2 (and strategies based on passport-oauth2). Since security of Passport and related packages is of highest priority, an assessment has been performed and details have been published.
To briefly summarize, I don't believe the report constitutes a legitimate security vulnerability, and there is no evidence of exploits.
That being said, the modifications suggested by the pull request add additional safeguards as part of a defense-in-depth approach. These safeguards are available in [email protected].