Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-rcm4-jv5g-wccm: zfr authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens weren’t checked for validity/expiration.

This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication credentials.

ghsa
#git#oauth#auth

zfr authentication adapter did not verify validity of tokens

High severity GitHub Reviewed Published Jun 7, 2024 to the GitHub Advisory Database

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP