CVE-2023-28131

Name of the Vulnerable Software and Affected Versions Expo framework (affected versions not specified)

Description The issue is related to the implementation of the OAuth standard in the Expo framework, specifically with insufficient protection of registration data. An attacker can exploit this to take over accounts and steal credentials on an application or website that has configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link, which may be sent via various means such as email, text message, or an attacker-controlled website.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.