GHSA-HP6R-R9VC-Q8WX FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery CSRF due to the improper validation of the OAuth state parameter during the authentication callback. While the getloginurl method allows for state generation, it does not persist the state or bind it to...

EUVD-2022-4779

Malicious code in bioql PyPI...

CVE-2019-10315

Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF...

CVE-2022-0916

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

CVE-2022-0916 Broken authentication on Logitech Options due to misvalidation of Oauth state parameter

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...