| ID | 1090501664 |
| Created | Jan 15, 2023 |
| Updated | Jan 15, 2023 |
| Severity |
|
| Default Action | pass |
| Active |
|
| Affected OS | All |
| Affected App | oauthlib |
| Engine Version | 5.0.0 or later |
Legend
| Enabled/Available |
|
| Disabled/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2023-01-16 | 0.00339 |
Refine Search
Threat Encyclopedia
OAuthLib.malicious.IPV6.URI.DoS
Description
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue.
Affected Products
OAuthLib versions 3.1.1 until 3.2.1
Impact
System Compromise: Remote attackers can cause DoS to oauthlib's web application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.