Passport Oauth2
1 CVEs
product
Monthly
The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Node.js
Information Disclosure
Passport Oauth2
NVD
GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-41580
npm
EPSS 1%
CVSS 5.3
MEDIUM
PATCH
This Month
The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Node.js
Information Disclosure
Passport Oauth2
NVD
GitHub