Description
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.
Affected products and versions Okta OIDC Middleware prior to version 5.0.0.
Resolution The vulnerability is fixed in OIDC Middleware 5.0.0.
Recommendation
Update the @okta/oidc-middleware package to the latest compatible version. Followings are version details:
- Affected version(s): < 5.0.0
- Patched version(s): 5.0.0
References
Related Issues
- DOMPurify Open Redirect vulnerability - CVE-2019-25155
- ReDoS Vulnerability in ua-parser-js version - CVE-2022-25927
- matrix-js-sdk Prototype Pollution vulnerability - CVE-2022-36059
- Open Redirect in urijs - CVE-2022-0868
You might also like:
- Tags:
- npm
- @okta/oidc-middleware
Anything's wrong? Let us know Last updated on February 07, 2023


