Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) - Moderately critical - SQL Injection - SA-CONTRIB-2020-034

Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO )Date: 2020-October-14Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: SQL InjectionDescription: This module enables you login into any OAuth 2.0 compliant application using Drupal credentials.
The 8.x branch of the module is vulnerable to SQL injection.Solution: Install the latest version:

  • If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to 8.x-1.1

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2020-034