Severity: Critical
CVSS Score: 10
All versions of `react-oauth-flow` fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. ## Recommendation No fix is currently available. Consider using an alternative module until a fix is made available.