PYSEC-2014-85

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/oauth2/PYSEC-2014-85.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-85

Aliases

CVE-2013-4346
GHSA-4433-4cxq-vv73

Published

2014-05-20T14:55:00Z

Modified

2024-02-23T21:41:32.199131Z

Summary

[none]

Details

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.

References

Affected packages

PyPI / oauth2

Package

Name: oauth2; View open source insights on deps.dev
Purl: pkg:pypi/oauth2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9rc1

Affected versions

1.*

1.0.0

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.1

1.1.3

1.2.0

1.5.150

1.5.153

1.5.155

1.5.158

1.5.159

1.5.160

1.5.161

1.5.162

1.5.163

1.5.164

1.5.165

1.5.166

1.5.167

1.5.168

1.5.169

1.5.170

1.5.210

1.5.211

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/oauth2/PYSEC-2014-85.yaml"