GO-2026-5737
Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri in github.com/authorizerdev/authorizer
Affected packages
Go / github.com/authorizerdev/authorizer
Introduced in: 0
Fixed in: 0.0.0-20260329085140-6d9bef1aaba3
Fix
go get github.com/authorizerdev/authorizer@v0.0.0-20260329085140-6d9bef1aaba3
References
- https://github.com/authorizerdev/authorizer/security/advisories/GHSA-x3f4-v83f-7wp2 [ADVISORY]
- https://github.com/authorizerdev/authorizer/commit/6d9bef1aaba3f867f8c769b93eb7fc80e4e7b0a2 [FIX]
- https://github.com/authorizerdev/authorizer/pull/502 [FIX]
- https://github.com/authorizerdev/authorizer/releases/tag/2.0.1 [WEB]