Oauth2 Proxy · CVE-2020-5233
**Name of the Vulnerable Software and Affected Versions**
oauth2 proxy versions prior to 5.0
**Description**
An open redirect vulnerability has been found in oauth2 proxy. The issue could allow an attacker to silently harvest authentication tokens: the post-login redirect target supplied by the client is not validated strictly enough, so a victim who completes the login flow can be sent to an attacker-controlled site. For example, an attacker could use a URL like `https://facebook.com/oauth.php?clientid=123&state=abc&redirect_url=https://yourdomain.com/red.php?url%3dhttps://attacker.com/` to exploit this vulnerability. The `IsValidRedirect` function in oauth2 proxy is the vulnerable component, and a patch has been submitted to fix this issue.
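As an added illustration (not code from the oauth2 proxy project, and not its patched `IsValidRedirect`), the following Go function shows the shape of a post-login redirect check a defender would want: it accepts only absolute paths on the current origin or HTTPS URLs whose host is on an operator-supplied allow-list, and it rejects the scheme-relative forms (`//host`, `/\host`) that browsers resolve to another origin. The allow-list host `app.example` and every input below are constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// IsSafeRedirect reports whether target may be used as a post-login redirect.
// allowedHosts is the operator's allow-list of external hosts (constructed here).
func IsSafeRedirect(target string, allowedHosts []string) bool {
	if target == "" {
		return false
	}
	u, err := url.Parse(target) // rejects control characters and bad escapes
	if err != nil {
		return false
	}
	if u.Scheme == "" && u.Host == "" {
		// Same-origin path: must start with exactly one "/".
		// "//host" and "/\host" are treated by browsers as scheme-relative URLs.
		return strings.HasPrefix(target, "/") &&
			!strings.HasPrefix(target, "//") &&
			!strings.HasPrefix(target, "/\\")
	}
	// Absolute URL: HTTPS only, no userinfo tricks, host must be allow-listed.
	if u.Scheme != "https" || u.User != nil {
		return false
	}
	host := strings.ToLower(u.Hostname())
	for _, a := range allowedHosts {
		if host == strings.ToLower(a) {
			return true
		}
	}
	return false
}

func main() {
	allowed := []string{"app.example"}
	for _, rd := range []string{"/dashboard", "//attacker.example/", "https://app.example/home"} {
		fmt.Printf("%-28q safe=%v\n", rd, IsSafeRedirect(rd, allowed))
	}
}
```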
**Recommendations**
For versions prior to 5.0, update to version 5.0 to resolve the issue. At the moment, there is no workaround available for this vulnerability.