PYSEC-2022-269

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/oauthlib/PYSEC-2022-269.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2022-269
Aliases
Published
2022-09-09T21:15:00Z
Modified
2023-11-08T04:10:00.371667Z
Summary
[none]
Details

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker who provides a malicious redirect URI can cause a denial of service. An attacker can also leverage use of the uri_validate functions, depending on where they are used. Applications that use OAuthLib's OAuth 2.0 provider support, or that use uri_validate directly, are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

References

Affected packages

PyPI / oauthlib

Package

Affected ranges

Type
GIT
Repo
https://github.com/oauthlib/oauthlib
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
3.1.1
Fixed
3.2.1

Affected versions

3.*

3.1.1
3.2.0