Security Advisories - yiisoft/yii2-authclient - Packagist

yiisoft/yii2-authclient Security Advisories for 2.1.1 (2)

[LOW] yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation

PKSA-214w-kkvr-bpyq CVE-2023-50708 GHSA-w8vh-p74j-x9xp

Affected version: <=2.2.14

Reported by:
GitHub
[MEDIUM] yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable

PKSA-wcwc-j6xh-hv2d CVE-2023-50714 GHSA-rw54-6826-c8j5

Affected version: <2.2.15

Reported by:
GitHub