{"vulnerability": "CVE-2020-7692", "sightings": [{"uuid": "91868b88-4f61-4f64-9b41-70d0ee61695c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7692", "type": "seen", "source": "https://t.me/VulnerabilityNews/17424", "content": "** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of \"RFC 6749 compliant\" is valid and not misleading and I also therefore wouldn't describe this as a \"vulnerability\" with the library per se.'\nPublished at: October 04, 2020 at 07:15AM\nView on website", "creation_timestamp": "2020-10-04T12:46:13.000000Z"}]}