Improper input validation in Oauthlib
CVE-2022-36087
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.004 (58.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H.
Affected products
- Oauthlib — versions >= 3.1.1, < 3.2.1
Weakness classification (CWE)
Public proof-of-concept exploits
References
- github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7
- github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd
- github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oaut…
- github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oaut…
- github.com/oauthlib/oauthlib/releases/tag/v3.2.1
- FEDORA-2022-5a74a5eea7 (vendor-advisory)
- FEDORA-2023-da094276a2 (vendor-advisory)
- FEDORA-2023-49ded4c9a5 (vendor-advisory)
- FEDORA-2023-5ab7049a59 (vendor-advisory)
Frequently asked questions
- What is CVE-2022-36087?
- CVE-2022-36087 is a medium-severity vulnerability in Oauthlib, classified under Improper Input Validation. CVSS score: 5.7/10. Published 2022-09-09.
- How severe is CVE-2022-36087?
- Medium severity. CVSS v3 base score is 5.7 out of 10.
- Is CVE-2022-36087 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.