—
GO-2026-5531
Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft in github.com/lin-snow/ech0
Details
Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft in github.com/lin-snow/ech0
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/lin-snow/ech0
Introduced in:
0 Fixed in: 1.4.8-0.20260503040728-a7e8b8e84bd1 Fix
go get github.com/lin-snow/ech0@v1.4.8-0.20260503040728-a7e8b8e84bd1