2 matches found
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
Description: The OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. generate_state_token is always called with an empty state_data dict, so the resulting JWT only contains the fixed audience...
FastAPI Users Cross-Site Request Forgery Vulnerability
FastAPI Users is an open-source, customizable user management interface. A cross-site request forgery vulnerability exists in FastAPI Users versions prior to 15.0.2; it stems from stateless OAuth login state tokens and missing correlation data, which could lead to login CSRF...