CVE-2022-36087

2022-09-0921:15:08

CWE-601

CWE-20

GitHub_M

web.nvd.nist.gov

383

oauthlib

python

oauth

request signing

cve-2022-36087

denial of service

security vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

68.0%

JSON

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of uri_validate functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly uri_validate are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

Affected configurations

Nvd

Vulners

Node

oauthlib_projectoauthlibRange3.1.1–3.2.1

Node

fedoraprojectfedoraMatch37

VendorProductVersionCPE
oauthlib_projectoauthlib*cpe:2.3:a:oauthlib_project:oauthlib:*:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oauthlib_project	oauthlib	*	cpe:2.3:a:oauthlib_project:oauthlib::::::::
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*

CNA Affected

[
  {
    "vendor": "oauthlib",
    "product": "oauthlib",
    "versions": [
      {
        "version": ">= 3.1.1, < 3.2.1",
        "status": "affected"
      }
    ]
  }
]