Scratchoauth2 Project Scratchoauth2 — known CVE vulnerabilities
Every CVE whose affected-product data names Scratchoauth2 Project Scratchoauth2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-46250 — CVSS 10.0 (critical): An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate…
CVE-2021-29437 — CVSS 8.0 (high): ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be…
CVE-2021-46249 — CVSS 6.5 (medium): An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089…
CVE-2021-46251 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute…