cve/2023/CVE-2023-28131.md

### [CVE-2023-28131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28131)
![](https://img.shields.io/static/v1?label=Product&message=Expo%20AuthSession%20module&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20use%20of%20AuthSession%20modules%E2%80%99s%20useProxy%20in%20Expo%20below%20SDK%2048%20may%20allow%20OAuth%20hijacking%2C%20which%20leads%20to%20credentials%20theft%20and%20Account%20Takeover.&color=brighgreen)

### Description

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).

### POC

#### Reference
- https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps

#### Github
No PoCs found on GitHub currently.