yiisoft/yii2-authclient Security Advisories for 2.0.0-beta (2)
-
[LOW] yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
PKSA-214w-kkvr-bpyq CVE-2023-50708 GHSA-w8vh-p74j-x9xp
Affected version: <=2.2.14
Reported by:
GitHub -
[MEDIUM] yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
PKSA-wcwc-j6xh-hv2d CVE-2023-50714 GHSA-rw54-6826-c8j5
Affected version: <2.2.15
Reported by:
GitHub