GHSA-8MXQ-7XR7-2FXJ vulnerabilities

Vulnerabilities for packages: py3-jupyterhub-ltiauthenticator...

CVE-2026-34052

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

CVE-2026-34052

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

CVE-2026-34052 LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

CVE-2026-34052 LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

Allocation of Resources Without Limits or Throttling

Overview jupyterhub-ltiauthenticator is a JupyterHub authenticator implementing LTI v1.1 and LTI v1.3 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unbounded growth of a class-level dictionary used for storing OAuth nonces. An...

EUVD-2026-18893

LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage Denial of Service...

GHSA-8MXQ-7XR7-2FXJ LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...

LTI JupyterHub Authenticator 安全漏洞

LTI JupyterHub Authenticator is an open-source LTI-based authentication service for JupyterHub. Versions of LTI JupyterHub Authenticator prior to 1.6.3 contained a security vulnerability. This vulnerability stemmed from the unlimited growth of OAuth random numbers, which could lead to...

CVE-2023-25574

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

EUVD-2023-29521

Malicious code in bioql PyPI...

LTI JupyterHub Authenticator does not properly validate JWT Signature

Impact Only users that has configured a JupyterHub installation to use the authenticator class LTI13Authenticator are influenced. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to...

CVE-2023-25574

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...