Github · Github Enterprise Server · CVE-2026-4296
**Name of the Vulnerable Software and Affected Versions**
GitHub Enterprise Server versions prior to 3.21
**Description**
An incorrect regular expression allows an attacker to bypass OAuth redirect URI validation. An attacker aware of a first-party OAuth application's registered callback URL can create a malicious authorization link. If a victim clicks this link, the OAuth authorization code is redirected to a domain controlled by the attacker, potentially granting unauthorized access to the victim's account based on the scopes granted to the OAuth application.
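The flaw class described above, illustrated with constructed code added for this page (not GitHub's code; the actual pattern used in GHES is not disclosed here): a hypothetical validator that drops a registered callback URL into a regular expression without escaping or a trailing anchor, beside a hardened validator that requires exact, component-wise equality as RFC 6749 §3.1.2.3 prescribes. The function names, the sample registered callback `https://app.example.com/oauth/callback`, and the test inputs are all assumptions for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample registration for this example. The real first-party
# application's callback URL and the flawed pattern in GHES are not on the page.
REGISTERED_REDIRECT_URI = "https://app.example.com/oauth/callback"


def weak_redirect_uri_allowed(redirect_uri: str,
                              registered: str = REGISTERED_REDIRECT_URI) -> bool:
    """Hypothetical flawed validator (assumed, not the vendor's code).

    The registered URI is used as a regex verbatim, which has two classic
    defects: '.' is unescaped and so matches any character, and there is no
    trailing anchor, so anything may follow the registered value. The result
    is a loose prefix match rather than an equality check.
    """
    pattern = "^" + registered
    return re.match(pattern, redirect_uri) is not None


def strict_redirect_uri_allowed(redirect_uri: str,
                                registered: str = REGISTERED_REDIRECT_URI) -> bool:
    """Hardened validator: parse both values and require equality of scheme,
    host, port, path and query. No pattern matching, no prefix tolerance, and
    fragments are rejected outright. Host comparison is case-insensitive
    (urlsplit lowercases .hostname); everything else is compared exactly.
    A one-line regex alternative with the same semantics would be
    re.fullmatch(re.escape(registered), redirect_uri), but plain comparison
    is simpler to audit.
    """
    try:
        got = urlsplit(redirect_uri)
        want = urlsplit(registered)
        # .port is evaluated lazily and raises ValueError on a bad port.
        got_port, want_port = got.port, want.port
    except ValueError:
        return False
    if got.fragment:
        return False
    if got.scheme.lower() != want.scheme.lower():
        return False
    if got.hostname is None or got.hostname != want.hostname:
        return False
    if got_port != want_port:
        return False
    return got.path == want.path and got.query == want.query


def compare_validators(redirect_uri: str) -> tuple:
    """Return (weak_result, strict_result) for one candidate redirect_uri."""
    return (weak_redirect_uri_allowed(redirect_uri),
            strict_redirect_uri_allowed(redirect_uri))


if __name__ == "__main__":
    # Constructed candidates: the legitimate callback, a look-alike host that
    # only passes because '.' is a wildcard, and a path with extra characters
    # that only passes because the pattern has no end anchor.
    for candidate in (
        "https://app.example.com/oauth/callback",
        "https://app-example.com/oauth/callback",
        "https://app.example.com/oauth/callback2",
        "http://app.example.com/oauth/callback",
        "https://app.example.com/oauth/callback#fragment",
    ):
        weak, strict = compare_validators(candidate)
        print(f"{candidate:55} weak={weak!s:5} strict={strict}")
```

The look-alike host case is the one that matters for the vulnerability described above: a different, independently registrable domain is accepted by the weak check, so an authorization code would be delivered there. Detection-wise, the same comparison can be run retroactively over authorization-endpoint logs to flag any granted request whose `redirect_uri` fails `strict_redirect_uri_allowed` against the application's registration.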
**Recommendations**
- Update to version 3.20.1
- Update to version 3.19.5
- Update to version 3.18.8
- Update to version 3.17.14
- Update to version 3.16.17
- Update to version 3.15.21
- Update to version 3.14.26