AIKIDO-2024-10325

oauth4webapi is vulnerable to Cleartext Transmission of Sensitive Information

40

Medium

oauth4webapi js

AIKIDO-2024-10325: oauth4webapi is vulnerable to Cleartext Transmission of Sensitive Information in versions 0.0.1 - 2.17.0.

Cleartext Transmission of Sensitive Information
Vuln in 0.0.1 - 2.17.0
Fixed in 3.0.0
No CVE available
TL;DR

Affected versions of the package are vulnerable to Cleartext Transmission of Sensitive Information: the library does not prevent interaction with non-TLS (plain HTTP) endpoints. Version 3.0.0 enforces this constraint, although a newly added setting still allows opting out for testing purposes.
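As an added example (not oauth4webapi's own code), the kind of pre-flight guard the 3.0.0 behaviour amounts to, written so a consumer on an older version can apply it to discovered authorization server metadata before any request goes out; the opt-out option name `allowInsecureRequests`, the loopback-only carve-out and the sample metadata are assumptions constructed for this example.

```javascript
// Added example, not oauth4webapi's own code: refuse cleartext (http:) OAuth
// endpoints before any credential-bearing request is made. The option name
// `allowInsecureRequests` and the sample metadata below are constructed.
const ENDPOINT_FIELDS = [
  'issuer', 'authorization_endpoint', 'token_endpoint', 'userinfo_endpoint',
  'jwks_uri', 'revocation_endpoint', 'introspection_endpoint',
  'pushed_authorization_request_endpoint',
];
// The test-time opt-out tolerates http: only for loopback hosts.
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
// Returns every endpoint field that would carry data in cleartext.
function findCleartextEndpoints(metadata, { allowInsecureRequests = false } = {}) {
  const offenders = [];
  for (const field of ENDPOINT_FIELDS) {
    const value = metadata[field];
    if (typeof value !== 'string') continue; // optional field not present
    let url;
    try {
      url = new URL(value);
    } catch {
      offenders.push({ field, value, reason: 'not an absolute URL' });
      continue;
    }
    if (url.protocol === 'https:') continue;
    if (url.protocol === 'http:' && allowInsecureRequests && LOOPBACK_HOSTS.has(url.hostname)) {
      continue; // explicit opt-out, and only for a local test server
    }
    offenders.push({ field, value, reason: `scheme ${url.protocol} is not https:` });
  }
  return offenders;
}

// Throws before any request goes out if the metadata has a cleartext endpoint.
function assertTlsOnly(metadata, options) {
  const offenders = findCleartextEndpoints(metadata, options);
  if (offenders.length > 0) {
    const detail = offenders.map((o) => `${o.field}=${o.value} (${o.reason})`).join('; ');
    throw new Error(`refusing cleartext OAuth endpoint(s): ${detail}`);
  }
  return metadata;
}
// Constructed discovery document: the token endpoint has slipped to plain http.
const sampleMetadata = {
  issuer: 'https://as.example.test',
  authorization_endpoint: 'https://as.example.test/authorize',
  token_endpoint: 'http://as.example.test/token',
  jwks_uri: 'https://as.example.test/jwks',
};
console.log(findCleartextEndpoints(sampleMetadata)); // one offender: token_endpoint
```

Run the guard once on the metadata document and pass only the validated object on to the client code, so a single cleartext endpoint cannot reach a token or authorization request.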

Who does this affect?

You're affected if you are using a version within the vulnerable range (0.0.1 - 2.17.0).

How can it be fixed?

Upgrade the oauth4webapi library to the patched version (3.0.0 or later).

© 2024 Aikido Security BV