CVE-2023-50708 | yii2-authclient up to 2.2.14 OAuth1/OAuth2/OpenID timing discrepancy

Posted by Angelo Barbosa | Dec 18, 2023 | CVE

A vulnerability was found in yii2-authclient up to 2.2.14. It has been declared as problematic. This vulnerability affects unknown code of the component OAuth1/OAuth2/OpenID. The manipulation leads to observable timing discrepancy.

This vulnerability was named CVE-2023-50708. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50708 | yii2-authclient up to 2.2.14 OAuth1/OAuth2/OpenID timing discrepancy

Related Posts

CVE-2024-33153 | J2EEFAST 2.7.0 commentList sql_filter sql injection

CVE-2024-20327 | Cisco IOS XR on ASR 9000 PPPoE denial of service (cisco-sa-iosxr-pppma-JKWFgneW)

CVE-2024-5108 | Campcodes Complete Web-Based School Management System 1.0 student_payment_details4.php index sql injection

CVE-2024-33948 | Pixel Industry TweetScroll Widget Plugin up to 1.3.7 on WordPress cross site scripting