40
Affected versions of the package are vulnerable to Cleartext Transmission of Sensitive Information. The library does not prevent the interaction with non-TLS HTTP endpoints. The new 3.0.0 version does have this constraint, although, for testing purposes, there is still the possibility to opt out using a newly added setting.
You're affected if you are using a version which is within vulnerability ranges.
Upgrade oauth4webapi library to patch version.