Movatterモバイル変換

Skip to content

oauth2-proxy/oauth2-proxyPublic

NotificationsYou must be signed in to change notification settings
Fork2k
Star13.5k

Security

SECURITY.md

Security Disclosures

Please seeour community docs for our security policy.

Header smuggling via underscore leading to potential privilege escalation
GHSA-vjrc-mh2v-45x6 publishedNov 8, 2025 bytuunit
High
Authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
GHSA-7rh7-c77v-6434 publishedJul 30, 2025 bytuunit
Critical
`--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
GHSA-652x-m2gr-hppm publishedMar 25, 2021 byJoelSpeed
Moderate
Subdomain checking of whitelisted domains could allow unintended redirects
GHSA-4mf2-f3wh-gvf2 publishedFeb 1, 2021 byJoelSpeed
Moderate
New OpenRedirect cases have been found
GHSA-5m6c-jp6f-2vcv publishedJun 27, 2020 byJoelSpeed
High
Open Redirect Vulnerability with encoded Whitespace characters
GHSA-j7px-6hwj-hpjg publishedMay 6, 2020 byJoelSpeed
High
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
GHSA-qqxw-m5fj-f7gv publishedJan 29, 2020 bystarkers
High

Learn more about advisories related tooauth2-proxy/oauth2-proxy in theGitHub Advisory Database

[8]ページ先頭

©2009-2025 Movatter.jp