Sebastian Chnelik

Researcher from PyUp.io
#32452 of 53,635
7.8 Total CVSS
Vulnerabilities · 1

PT-2022-23176 · CVSS 7.8 · 2022-09-09
Oauthlib · Oauthlib · CVE-2022-36087
**Name of the Vulnerable Software and Affected Versions**

OAuthLib versions 3.1.1 through 3.2.1

**Description**

The issue allows an attacker who supplies a malicious redirect URI to cause a denial of service. An attacker can also leverage the use of the `uri_validate` functions, depending on where they are used. OAuthLib applications that use the OAuth 2.0 provider support, or that call `uri_validate` directly, are affected by this issue.

**Recommendations**

For OAuthLib versions 3.1.1 through 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider verifying the `redirect_uri` in the web toolkit before OAuthLib is called, and reject requests with malicious URIs, such as those containing a colon (:), assuming no port or IPv6 address is fundamentally required.
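The pre-OAuthLib check described in the workaround, written out as an added example (not code from the advisory or from the OAuthLib project). It assumes a constructed set of registered redirect URIs and reads "containing a colon" as any colon after the scheme separator, which covers both ports and IPv6 literals:

```python
from urllib.parse import urlsplit

# Constructed sample: the exact redirect URIs registered for one OAuth client.
REGISTERED_REDIRECT_URIS = {"https://app.example.com/oauth/callback"}

# Upper bound on input length so the check itself stays cheap on hostile input.
MAX_REDIRECT_URI_LEN = 2048


def redirect_uri_is_acceptable(uri, registered=REGISTERED_REDIRECT_URIS):
    """Cheap redirect_uri gate to run in the web layer before OAuthLib is called.

    Mirrors the advisory's temporary workaround: only an exact match against a
    registered URI passes, and any colon after the scheme separator (a port or
    an IPv6 literal) is rejected outright, so the request never reaches
    OAuthLib's own URI validation.
    """
    if not isinstance(uri, str) or not uri or len(uri) > MAX_REDIRECT_URI_LEN:
        return False
    try:
        parts = urlsplit(uri)
    except ValueError:          # e.g. unbalanced brackets in a would-be IPv6 host
        return False
    if parts.scheme != "https" or not parts.netloc or parts.fragment:
        return False
    # Everything after "https://" must be colon-free per the workaround's policy.
    remainder = uri.partition("://")[2]
    if ":" in remainder:
        return False
    # Exact-match against the registration; no prefix or pattern matching.
    return uri in registered
```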