CVE-2021-41580

EPSS 0.47% · P65 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-41580

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants authorization upon simply receiving the access token (i.e., does not try to use the token). NOTE: the passport-oauth2 vendor does not consider this a passport-oauth2 vulnerability

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Passport-Oauth2 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Passport-Oauth2是一种身份验证策略。 Passport-Oauth2 1.6.1之前版本存在安全漏洞，该漏洞源于Node.js 1.6.1之前的passport-oauth2包错误处理了获取访问令牌失败的错误条件。在某些用例中，这是可以利用的，其中OAuth身份提供者使用HTTP 200状态码来报告身份验证失败错误，应用程序仅在接收访问令牌时授予授权。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-41580

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-41580

请登录查看更多情报信息。

Patches & Fixes for CVE-2021-41580 (2)

https://github.com/jaredhanson/passport-oauth2/pull/144x_refsource_MISC
https://github.com/jaredhanson/passport-oauth2/commit/8e3bcdff145a2219033bd782fc517229fe3e05eax_refsource_MISC

Other References for CVE-2021-41580 (1)

https://github.com/jaredhanson/passport-oauth2/compare/v1.6.0...v1.6.1x_refsource_MISC

https://nvd.nist.gov/vuln/detail/CVE-2021-41580

Same Patch Batch · n/a · 2021-09-27 · 56 CVEs total

CVE-2021-36134	7.4 HIGH	Out of bounds write in Netop Vision Pro
CVE-2021-23445	3.1 LOW	Cross-site Scripting (XSS)
CVE-2021-0425		Mediatek 芯片安全漏洞
CVE-2021-41329		Datalust Seq 安全漏洞
CVE-2021-31605		Openvpn OpenVPN 命令注入漏洞
CVE-2021-40349		e7d Speed Test 路径遍历漏洞
CVE-2021-40981		Asus Rog Armory Crate 代码问题漏洞
CVE-2021-0421		Mediatek 芯片安全漏洞
CVE-2021-0422		Mediatek 芯片缓冲区错误漏洞
CVE-2021-0423		Mediatek 芯片安全漏洞
CVE-2021-0424		Mediatek 芯片缓冲区错误漏洞
CVE-2021-40098		PortlandLabs Concrete CMS 路径遍历漏洞
CVE-2021-0610		Mediatek 芯片输入验证错误漏洞
CVE-2021-0611		Mediatek 芯片资源管理错误漏洞
CVE-2021-0612		Mediatek 芯片资源管理错误漏洞
CVE-2021-0660		Mediatek 芯片缓冲区错误漏洞
CVE-2021-40104		PortlandLabs Concrete CMS 安全漏洞
CVE-2021-40105		PortlandLabs Concrete Cms 跨站脚本漏洞
CVE-2021-40106		PortlandLabs Concrete Cms 跨站脚本漏洞
CVE-2021-40108		PortlandLabs Concrete Cms 跨站请求伪造漏洞

Showing top 20 of 56 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-41580

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-41580

I. Basic Information for CVE-2021-41580

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-41580

III. Intelligence Information for CVE-2021-41580

Patches & Fixes for CVE-2021-41580 (2)

Other References for CVE-2021-41580 (1)

Same Patch Batch · n/a · 2021-09-27 · 56 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-41580

Leave a comment