{"vulnerability": "ghsa-5g66-628f-7cvj", "sightings": [{"uuid": "33a6e0c2-e435-4b2f-a859-0e1b1e98db44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-5G66-628F-7CVJ", "type": "seen", "source": "https://t.me/arpsyndicate/2505", "content": "#ExploitObserverAlert\n\nGHSA-5g66-628f-7cvj\n\nDESCRIPTION: Exploit Observer has 3 entries related to GHSA-5G66-628F-7CVJ. The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier\n\nGHSS: 8.6", "creation_timestamp": "2024-01-05T18:13:28.000000Z"}, {"uuid": "fe7f3454-d394-431b-b0cd-3ed5ac17202e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-5G66-628F-7CVJ", "type": "seen", "source": "https://t.me/ctinow/171784", "content": "https://ift.tt/FJQfVkb\nCVE-2024-21632 | synth omniauth-microsoft_graph up to 1.x email improper authentication (GHSA-5g66-628f-7cvj)", "creation_timestamp": "2024-01-23T09:21:29.000000Z"}, {"uuid": "33b71c46-5519-42a7-b74b-2f1dde3a1185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-5G66-628F-7CVJ", "type": "seen", "source": "https://t.me/ctinow/162640", "content": "https://ift.tt/E810Hul\n[GHSA-5g66-628f-7cvj] Omniauth::MicrosoftGraph Account takeover (nOAuth)", "creation_timestamp": "2024-01-03T22:56:51.000000Z"}]}