Affected by GO-2024-3228 and 1 other vulnerabilities

GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder

GO-2025-3921: Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder

enterprise/

Details

Path	Synopsis
audit
audittest
backends
cli
cmd
coder command
coderd
coderdenttest
dbauthz
dormancy
license
portsharing
proxyhealth
schedule
dbcrypt Package dbcrypt provides a database.Store wrapper that encrypts/decrypts values stored at rest in the database.	Package dbcrypt provides a database.Store wrapper that encrypts/decrypts values stored at rest in the database.
derpmesh
provisionerd
replicasync
tailnet
trialer
wsproxy
wsproxysdk