Количество 7
Количество 7
CVE-2025-68158
Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6.
CVE-2025-68158
Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6.
CVE-2025-68158
Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6.
CVE-2025-68158
Authlib is a Python library which builds OAuth and OpenID Connect serv ...
openSUSE-SU-2026:20257-1
Security update for python-Authlib
SUSE-SU-2026:0828-1
Security update for python-Authlib
GHSA-fg6f-75jq-6523
Authlib has 1-click Account Takeover vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-68158 Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6. | CVSS3: 5.7 | 0% Низкий | 3 месяца назад |
 | CVE-2025-68158 Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6. | CVSS3: 5.7 | 0% Низкий | 3 месяца назад |
 | CVE-2025-68158 Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6. | CVSS3: 5.7 | 0% Низкий | 3 месяца назад |
| CVE-2025-68158 Authlib is a Python library which builds OAuth and OpenID Connect serv ... | CVSS3: 5.7 | 0% Низкий | 3 месяца назад |
 | openSUSE-SU-2026:20257-1 Security update for python-Authlib | 0% Низкий | около 2 месяцев назад | |
| SUSE-SU-2026:0828-1 Security update for python-Authlib | 0% Низкий | около 1 месяца назад | |
| GHSA-fg6f-75jq-6523 Authlib has 1-click Account Takeover vulnerability | CVSS3: 5.7 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу