Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-36087

Опубликовано: 09 сент. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5.7

Описание

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of uri_validate functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly uri_validate are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

РелизСтатусПримечание
bionic

not-affected

2.0.6-1
devel

released

3.2.0-1ubuntu1
esm-infra/bionic

not-affected

2.0.6-1
esm-infra/focal

not-affected

3.1.0-1ubuntu2
esm-infra/xenial

not-affected

focal

not-affected

3.1.0-1ubuntu2
jammy

released

3.2.0-1ubuntu0.1
kinetic

released

3.2.0-1ubuntu1
trusty

ignored

end of standard support
upstream

released

3.2.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 56%
0.00337
Низкий

5.7 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-36087

CVSS3: 6.5
redhat
почти 3 года назад

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

nvd логотип

CVE-2022-36087

CVSS3: 5.7
nvd
почти 3 года назад

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

debian логотип

CVE-2022-36087

CVSS3: 5.7
debian
почти 3 года назад

OAuthLib is an implementation of the OAuth request-signing logic for P ...

redos логотип

ROS-20250731-01

CVSS3: 6.5
redos
около 1 месяца назад

Уязвимость python3-oauthlib

github логотип

GHSA-3pgj-pg6c-r5p7

CVSS3: 5.7
github
почти 3 года назад

OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI

EPSS

Процентиль: 56%
0.00337
Низкий

5.7 Medium

CVSS3