CVE-2026-34052 LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

CVE-2026-34052 LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

CVE-2026-34052

CVE-2026-34052 affects the LTI JupyterHub Authenticator used with JupyterHub. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds, with nonces added before signature validation. An attacker who knows a valid consumer key can send...

EUVD-2026-18893

LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage Denial of Service...

Allocation of Resources Without Limits or Throttling

Overview jupyterhub-ltiauthenticator is a JupyterHub authenticator implementing LTI v1.1 and LTI v1.3 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unbounded growth of a class-level dictionary used for storing OAuth nonces. An...

GHSA-8MXQ-7XR7-2FXJ LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...

LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...

PT-2026-30253

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...