logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter.
References
Link | Resource |
---|---|
https://archive.ph/PecmD | Third Party Advisory |
https://archive.ph/VlGDa | Technical Description Third Party Advisory |
https://blog.logrocket.com/implement-oauth-2-0-node-js/ | Product Technical Description Vendor Advisory |
https://github.com/diogosouza/logrocket-oauth2-example | Broken Link |
https://github.com/secoats/cve/tree/master/CVE-2022-38488_sqli_logrocket-oauth2-example | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-14T00:00:00
Updated: 2022-12-14T00:00:00
Reserved: 2022-08-20T00:00:00
Link: CVE-2022-38488
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-14T21:15:11.230
Modified: 2022-12-19T17:56:31.063
Link: CVE-2022-38488
JSON object: View
Redhat Information
No data.
CWE