[Security-news] Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) - Not critical - SQL Injection - SA-CONTRIB-2020-034
security-news at drupal.org
security-news at drupal.org
Wed Oct 14 18:32:15 UTC 2020
View online: https://www.drupal.org/sa-contrib-2020-034
Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) [1]
Date: 2020-October-14
Vulnerability: SQL Injection
Description:
This module enables you login into any OAuth 2.0 compliant application using
Drupal credentials.
The 8.x branch of the module is vulnerable to SQL injection.
Solution:
Install the latest version:
* If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to
8.x-1.1 [2]
Reported By:
* Jakub Piasecki [3]
Fixed By:
* Gaurav Sood [4]
* Greg Knaddison [5] of the Drupal Security Team
* Samuel Mortenson [6] of the Drupal Security Team
Coordinated By:
* Michael Hess [7] of the Drupal Security Team
[1] https://www.drupal.org/project/oauth_server_sso
[2] https://www.drupal.org/project/oauth_server_sso/releases/8.x-1.1
[3] https://www.drupal.org/user/1532844
[4] https://www.drupal.org/user/3288491
[5] https://www.drupal.org/user/36762
[6] https://www.drupal.org/user/2582268
[7] https://www.drupal.org/u/mlhess
More information about the Security-news
mailing list