### Vulnerability Summary

**Vulnerability Overview**

* **Vulnerability Type**: Remote Code Execution (RCE)
* **Root Cause**: Deserialization vulnerability in the `Jinacore` component within `OkAuth`.
* **Commit Message**: `Fix: Remote Code Execution via Jinacore Deserialization in OkAuth`

**Affected Scope**

* **Project**: `devcode-it / openasmanager`
* **Affected File**: `src/Models/OkAuth2.php`
* **Involved Functions**: `getAccessTokens`, `checkTokens` (or the surrounding context of `updateTokens`)

**Fix Description**

* Restructured the token handling logic.
* In the `getAccessTokens` function, removed the direct call to `$this->refreshToken()` and the incorrect URL concatenation logic.
* In the `checkTokens` function, redefined the assignment of `$access_token` and `$refresh_token`, and added the conditional check `if ($access_token && $refresh_token)` so that both tokens are validated before use, thereby blocking the attack path for deserialization exploits.

**Relevant Code Changes (Fix Code)**

*(Note: Red background indicates removed vulnerable code; green background indicates newly added fix code)*

```php
// src/Models/OkAuth2.php

// 1. Changes in getAccessTokens function
public function getAccessTokens()
{
    // ...

    // Removed (Red):
    // $this->refreshToken();
    // return $this->redirect('access_token') . '?error=invalid_access_token' . null;

    // Updated (Green):
    return $this->redirect('access_token') . '?error=invalid_access_token'
        . '?state=' . $this->state . '&code=' . $this->code;
}

// 2. Changes in checkTokens function
protected function checkTokens()
{
    // Removed (Red):
    // $access_token = $this->access_token . '?error=invalid_access_token' . null;
    // $refresh_token = $this->refreshToken();

    // Updated (Green):
    $access_token = $this->access_token . '?error=invalid_access_token'
        . '?state=' . $this->state . '&code=' . $this->code;
    $refresh_token = $this->refreshToken();

    // Added (Green): only proceed when both tokens are present
    if ($access_token && $refresh_token) {
        // Attempt to refresh the session tokens
    }
}
```