GHSA-grh9-37g7-53mj

Source
https://github.com/advisories/GHSA-grh9-37g7-53mj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-grh9-37g7-53mj/GHSA-grh9-37g7-53mj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-grh9-37g7-53mj
Aliases
Published
2026-02-02T21:16:49Z
Modified
2026-02-05T09:56:23.468869Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow
Details

Summary

An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint.
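The kind of check whose absence the summary describes, as an added example (not wg-portal's code and not the v2.1.2 patch): a post-login redirect target taken from the return parameter is accepted only when it is a rooted path on the same site. The helper name `safeReturnTarget`, the fallback `/`, and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeReturnTarget (hypothetical helper) returns raw only if it is a
// same-site, rooted relative path; otherwise it returns fallback.
func safeReturnTarget(raw, fallback string) string {
	// Backslashes and tab/CR/LF are rejected outright: browsers may treat
	// "\" like "/" and drop whitespace control characters inside URLs.
	if raw == "" || strings.ContainsAny(raw, "\\\t\r\n") {
		return fallback
	}
	// Must start with exactly one "/": "//host" and "///host" are
	// resolved by browsers as scheme-relative URLs to another host.
	if !strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") {
		return fallback
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fallback
	}
	// Defense in depth: no scheme, authority, userinfo or opaque part.
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return fallback
	}
	// Reject paths that decode to "//..." (for example "/%2Fhost").
	if strings.HasPrefix(u.Path, "//") {
		return fallback
	}
	return raw
}

func main() {
	// Constructed sample values for the return parameter.
	samples := []string{
		"/app/peers?x=1",
		"https://evil.example/",
		"//evil.example/path",
		"/\\evil.example",
		"/%2Fevil.example",
	}
	for _, s := range samples {
		fmt.Printf("%-28q -> %q\n", s, safeReturnTarget(s, "/"))
	}
}
```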

Patches

The problem was fixed in the latest release, v2.1.2. The Docker images for the tag 'latest', built from the master branch, also include the fix.

Database specific
{
    "github_reviewed": true,
    "severity": "MODERATE",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-601"
    ],
    "github_reviewed_at": "2026-02-02T21:16:49Z"
}
References

Affected packages

Go / github.com/h44z/wg-portal

Package

Name
github.com/h44z/wg-portal
Purl
pkg:golang/github.com/h44z/wg-portal

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.2

Database specific

last_known_affected_version_range
"<= 2.1.1"
source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-grh9-37g7-53mj/GHSA-grh9-37g7-53mj.json"