VDB
DEBIAN-CVE-2022-36087
DEBIAN-CVE-2022-36087
PUBLISHED
CVSS 6.5 MEDIUM
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | python-oauthlib | 0, 0, 0 |
| Debian:12 | python-oauthlib | 0, 0, 0 |
| Debian:14 | python-oauthlib | 0, 0, 0 |
Timeline
- Sep 9, 2022 CVE Published
- Apr 28, 2026 CVE Updated