Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-36087

Опубликовано: 09 сент. 2022
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of uri_validate functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly uri_validate are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

A flaw was found in python-oauthlib. This flaw allows an attacker providing a malicious redirect URI to cause a denial of service to OAuthLib's web application.

Меры по смягчению последствий

The redirect_uri can be verified in the web toolkit before OAuthLib is called. Check to see if : is present to reject the request can prevent the denial of service, assuming no port or IPv6 is fundamentally required.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2ansible-towerAffected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-29-rhel8Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-minimal-rhel9Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-supported-rhel9Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/platform-resource-runner-rhel8Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-25/ansible-builder-rhel8Affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-25/ee-cloud-services-rhel9Affected
Red Hat Ansible Automation Platform 2automation-controllerAffected
Red Hat OpenShift Container Platform 4openshift4/ztp-site-generate-rhel8Affected
Red Hat OpenStack Platform 16.1openstack-mistralNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=2128425python-oauthlib: DoS when attacker provides malicious IPV6 URI

EPSS

Процентиль: 56%
0.00337
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-36087

CVSS3: 5.7
ubuntu
почти 3 года назад

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

nvd логотип

CVE-2022-36087

CVSS3: 5.7
nvd
почти 3 года назад

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

debian логотип

CVE-2022-36087

CVSS3: 5.7
debian
почти 3 года назад

OAuthLib is an implementation of the OAuth request-signing logic for P ...

redos логотип

ROS-20250731-01

CVSS3: 6.5
redos
около 1 месяца назад

Уязвимость python3-oauthlib

github логотип

GHSA-3pgj-pg6c-r5p7

CVSS3: 5.7
github
почти 3 года назад

OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI

EPSS

Процентиль: 56%
0.00337
Низкий

6.5 Medium

CVSS3