OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
References
Configurations
History
07 Nov 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Sep 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2022-09-09 21:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-36087
Mitre link : CVE-2022-36087
CVE.ORG link : CVE-2022-36087
JSON object : View
Products Affected
oauthlib_project
- oauthlib
fedoraproject
- fedora