Sign In

CVE-2022-36087

ADVISORY - github

Summary

Impact

  • Attacker providing malicious redirect uri can cause DoS to oauthlib's web application.
  • Attacker can also leverage usage of uri_validate functions depending where it is used.

What kind of vulnerability is it? Who is impacted?

Oauthlib applications using OAuth2.0 provider support or use directly uri_validate function.

Patches

Has the problem been patched? What versions should users upgrade to?

Issue fixed in 3.2.2 release.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

The redirect_uri can be verified in web toolkit (i.e bottle-oauthlib, django-oauth-toolkit, ...) before oauthlib is called. A sample check if : is present to reject the request can prevent the DoS, assuming no port or IPv6 is fundamentally required.

References

Attack Vector:

PoC

is_absolute_uri("http://[:::::::::::::::::::::::::::::::::::::::]/path")

Acknowledgement

Special thanks to Sebastian Chnelik - PyUp.io

EPSS Score: 0.0038 (0.588)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20

Improper Input Validation

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

ADVISORY - github

CWE-20

Improper Input Validation

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20

Improper Input Validation

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in