VYPR
Moderate severityNVD Advisory· Published Sep 9, 2022· Updated Apr 22, 2025

OAuthLib vulnerable DoS when attacker provides malicious IPV6 URI

CVE-2022-36087

Description

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of uri_validate functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly uri_validate are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
oauthlibPyPI
>= 3.1.1, < 3.2.23.2.2

Affected products

58

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.