Description
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.
Affected products and versions Okta OIDC Middleware prior to version 5.0.0.
Resolution The vulnerability is fixed in OIDC Middleware 5.0.0.
Recommendation
Update the @okta/oidc-middleware package to the latest compatible version. Followings are version details:
- Affected version(s): < 5.0.0
- Patched version(s): 5.0.0
References
Related Issues
- Open Redirect in urijs - CVE-2022-0868
- libp2p DoS vulnerability from lack of resource management - CVE-2022-23487
- Denial of Service (DoS) vulnerability in RSSHub - CVE-2022-31110
- steal Inefficient Regular Expression Complexity vulnerability via string variable - CVE-2022-37259
You might also like:
- Tags:
- npm
- @okta/oidc-middleware
Anything's wrong? Let us know Last updated on February 07, 2023