View online: https://www.drupal.org/sa-contrib-2020-034
Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) [1] Date: 2020-October-14 Vulnerability: SQL Injection
Description: This module enables you login into any OAuth 2.0 compliant application using Drupal credentials.
The 8.x branch of the module is vulnerable to SQL injection.
Solution: Install the latest version:
* If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to 8.x-1.1 [2]
Reported By: * Jakub Piasecki [3]
Fixed By: * Gaurav Sood [4] * Greg Knaddison [5] of the Drupal Security Team * Samuel Mortenson [6] of the Drupal Security Team
Coordinated By: * Michael Hess [7] of the Drupal Security Team
[1] https://www.drupal.org/project/oauth_server_sso [2] https://www.drupal.org/project/oauth_server_sso/releases/8.x-1.1 [3] https://www.drupal.org/user/1532844 [4] https://www.drupal.org/user/3288491 [5] https://www.drupal.org/user/36762 [6] https://www.drupal.org/user/2582268 [7] https://www.drupal.org/u/mlhess