PT-2024-29972 · Unknown · Oauth Library For Nim

Rikaardhosein · Published 2024-08-15 · Updated 2024-08-19 · CVE-2024-42476

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OAuth library for nim versions prior to 0.11

Description

The issue concerns the OAuth library for nim, where the Authorization Code grant and Implicit grant rely on the state parameter to prevent cross-site request forgery (CSRF) attacks. However, when compiled with certain compiler flags, the state parameter may not be checked, creating a CSRF vulnerability. This is because the library previously relied on a plain assert for checking the state parameter, which can be disabled with flags like -d:danger or --assertions:off. Version 0.11 addresses this by using a regular if statement or doAssert for the check, ensuring the desired behavior even when assertions are disabled.

Recommendations

For versions prior to 0.11, update to version 0.11 to ensure the state parameter is properly checked, preventing CSRF vulnerabilities. At the moment, there is no information about other versions that contain a fix for this vulnerability.
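
The difference between the three kinds of check named in the Description can be reproduced with a short Nim program. This is an added illustration, not code from the library: the proc names, the error type and the sample state values are hypothetical and constructed for the example.

```nim
# Added illustration; names and sample values are hypothetical, not the library's API.
# Build twice and compare the output:
#   nim c -r state_check.nim
#   nim c -r -d:danger state_check.nim

type StateMismatchError = object of CatchableError

proc checkStateWithAssert(expected, received: string) =
  ## Pattern the advisory describes for versions prior to 0.11: plain `assert`.
  ## The compiler drops this statement under -d:danger or --assertions:off.
  assert expected == received, "state mismatch"

proc checkStateWithDoAssert(expected, received: string) =
  ## `doAssert` stays in the binary regardless of the assertions setting.
  doAssert expected == received, "state mismatch"

proc checkStateWithIf(expected, received: string) =
  ## A regular `if` is ordinary control flow and raises a catchable error.
  if expected != received:
    raise newException(StateMismatchError, "state mismatch")

proc rejects(check: proc (expected, received: string)): bool =
  ## Returns true when `check` refuses a callback whose state value differs
  ## from the one the client stored before redirecting the user.
  try:
    check("k3Yq0v-constructed-state", "mismatched-constructed-state")
    result = false
  except AssertionDefect, StateMismatchError:
    result = true

when isMainModule:
  echo "plain assert rejects mismatched state: ", rejects(checkStateWithAssert)
  echo "doAssert rejects mismatched state:     ", rejects(checkStateWithDoAssert)
  echo "if/raise rejects mismatched state:     ", rejects(checkStateWithIf)
```

In a default build all three checks reject the mismatched state; in the `-d:danger` build the plain `assert` variant no longer does, which is why build flags belong in the review of any code that uses `assert` for a security decision.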

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-42476
GHSA-PC9J-53G7-5X54

Affected Products

Oauth Library For Nim