Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | oauth2 | 0, 1.0.0, 1.0.4 |
Timeline
- May 20, 2014 CVE Published
- Feb 23, 2024 CVE Updated
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
| Vendor | Product | Versions |
|---|---|---|
| PyPI | oauth2 | 0, 1.0.0, 1.0.4 |