yiisoft/yii2-authclient

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting yiisoft/yii2-authclientpage 1 of 1

CVE-2023-50708MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.2.15
2023-12-22
vulnerable: 2.0.0 ... 2.2.9 (33 versions)
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing…
CVE-2023-50714MEDIUMCVSS 6.8EG 6.8✓ Fixed in 2.2.15
2023-12-22
vulnerable: 2.0.0 ... 2.2.9 (33 versions)
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the `authCod…

Check whether yiisoft/yii2-authclient is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for yiisoft/yii2-authclient CVEs against the assets you own.

Start Free Scan →