CVE-2022-36087
09.09.2022, 21:15
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| oauthlib_project | oauthlib | 3.1.1 ≤ 𝑥 < 3.2.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| fence-agents-aliyun |
| ||
| fence-agents-all |
| ||
| fence-agents-amt-ws |
| ||
| fence-agents-apc |
| ||
| fence-agents-apc-snmp |
| ||
| fence-agents-aws |
| ||
| fence-agents-azure-arm |
| ||
| fence-agents-bladecenter |
| ||
| fence-agents-brocade |
| ||
| fence-agents-cisco-mds |
| ||
| fence-agents-cisco-ucs |
| ||
| fence-agents-common |
| ||
| fence-agents-compute |
| ||
| fence-agents-drac5 |
| ||
| fence-agents-eaton-snmp |
| ||
| fence-agents-emerson |
| ||
| fence-agents-eps |
| ||
| fence-agents-gce |
| ||
| fence-agents-heuristics-ping |
| ||
| fence-agents-hpblade |
| ||
| fence-agents-ibm-powervs |
| ||
| fence-agents-ibm-vpc |
| ||
| fence-agents-ibmblade |
| ||
| fence-agents-ifmib |
| ||
| fence-agents-ilo-moonshot |
| ||
| fence-agents-ilo-mp |
| ||
| fence-agents-ilo-ssh |
| ||
| fence-agents-ilo2 |
| ||
| fence-agents-intelmodular |
| ||
| fence-agents-ipdu |
| ||
| fence-agents-ipmilan |
| ||
| fence-agents-kdump |
| ||
| fence-agents-kubevirt |
| ||
| fence-agents-lpar |
| ||
| fence-agents-mpath |
| ||
| fence-agents-openstack |
| ||
| fence-agents-redfish |
| ||
| fence-agents-rhevm |
| ||
| fence-agents-rsa |
| ||
| fence-agents-rsb |
| ||
| fence-agents-sbd |
| ||
| fence-agents-scsi |
| ||
| fence-agents-virsh |
| ||
| fence-agents-vmware-rest |
| ||
| fence-agents-vmware-soap |
| ||
| fence-agents-wti |
| ||
| fence-agents-zvm |
| ||
| fence-virt |
| ||
| fence-virtd |
| ||
| fence-virtd-cpg |
| ||
| fence-virtd-libvirt |
| ||
| fence-virtd-multicast |
| ||
| fence-virtd-serial |
| ||
| fence-virtd-tcp |
| ||
| ha-cloud-support |
|
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
References