florence-social / mastodon-fork

Florence's fork of Mastodon
GNU Affero General Public License v3.0

OAuth vulnerability (CVE-2015-9284) #102

Closed clarfonthey closed 5 years ago

clarfonthey commented 5 years ago

Going to keep an issue open for tracking this. Looks like omniauth/omniauth#809 is tracking fixes for this, but once a fix is settled and/or tootsuite comes up with a fix, we should merge it and make a new release.

clarfonthey commented 5 years ago

More info: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

1011X commented 5 years ago

I've started working on this, in case anyone else has made any progress on this.