npm package
@cloudflare/workers-oauth-provider
pkg:npm/%40cloudflare/workers-oauth-provider
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-4144 | — | < 0.0.5 | 0.0.5 | May 1, 2025 | PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers | ||
| CVE-2025-4143 | — | < 0.0.5 | 0.0.5 | May 1, 2025 | The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: https://github.com/cl |
- CVE-2025-4144May 1, 2025affected < 0.0.5fixed 0.0.5
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers
- CVE-2025-4143May 1, 2025affected < 0.0.5fixed 0.0.5
The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: https://github.com/cl