zlacker

[parent] [thread] 0 comments
1. gcr+(OP)[view] [source] 2025-06-04 04:29:07
This library has some pretty bad security bugs. For example, the author forgot to check that redirect_uri — matches one of the URLs listed during client registration.

The CVE is uncharacteristically scornful: https://nvd.nist.gov/vuln/detail/cve-2025-4143

I’m glad this was patched, but it is a bit worrying for something “not vibe coded” tbh

[go to top]