Wind River Support Network

HomeDefectsLIN1021-4377
Acknowledged

LIN1021-4377 : Security Advisory - python3-oauthlib - CVE-2022-36087

Created: Sep 13, 2022    Updated: Sep 28, 2024
Resolved Date: Sep 27, 2024
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.

CREATE(Triage):(User=admin) CVE-2022-36087 (https://nvd.nist.gov/vuln/detail/CVE-2022-36087)
Live chat
Online