Yiiframework Yii2 Authclient
By the Year
In 2026 there have been 0 vulnerabilities in Yiiframework Yii2 Authclient. Yii2 Authclient did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 9.30 |
It may take a day or so for new Yii2 Authclient vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Yiiframework Yii2 Authclient Security Vulnerabilities
yii2-authclient PKCE downgrade & unused verifier vuln before 2.2.15
CVE-2023-50714, 8.8 - High, December 22, 2023
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenID Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the OAuth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk of a downgrade attack if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available.
authentication
yii2-authclient < 2.2.15: Timing Attack via Improper State/Nonce Compare
CVE-2023-50708, 9.8 - Critical, December 22, 2023
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenID Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the OAuth1/2 `state` and OpenID Connect `nonce` are vulnerable to a timing attack since they are compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available.