CVE-2025-40905

The CVE concerns WWW::OAuth 1.000 and earlier for Perl, which uses the rand() function as the default entropy source for cryptographic functions. This non-cryptographic randomness source can undermine security of cryptographic operations in affected releases. The connected CVE entry confirms the ...

EUVD-2024-39635

Malicious code in bioql PyPI...

CVE-2024-42476

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...

CVE-2024-42475

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

CVE-2024-42475

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

CVE-2024-42476 oauth CSRF vulnerability

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...

CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

CVE-2024-42475

The CVE describes the nim OAuth library prior to 0.11 having insecure generateState entropy in the state values, enabling potential CSRF with a user. The root cause is that generateState did not use a cryptographically secure generator, producing insufficient entropy (less than 128 bits). Version...

CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

OESA-2022-1971 python-oauthlib security update

Security Fixes: OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is...

USN-5632-1 python-oauthlib vulnerability

Sebastian Chnelik discovered that OAuthLib incorrectly handled certain redirect uris. A remote attacker could possibly use this issue to cause OAuthLib to crash, resulting in a denial of service...

PYSEC-2022-269

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is used. OAuthLib...

UBUNTU-CVE-2022-36087

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is used. OAuthLib...

WP API: Cryptographic Side Channel in OAuth Library

Because hashes and tokens are compared with the !== and === operators, these checks may be susceptible to timing attacks. More info: http://codahale.com/a-lesson-in-timing-attacks/ Affected code:...