PT-2022-23176 · Oauthlib+6

Jonathan Huot +1 · Published 2022-09-09 · Updated 2025-07-31 · CVE-2022-36087

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: OAuthLib versions 3.1.1 through 3.2.1

Description: The issue allows an attacker who supplies a malicious redirect URI to cause a denial of service. An attacker can also leverage the use of the uri validate functions, depending on where they are used. OAuthLib applications that use the OAuth 2.0 provider support, or that call uri validate directly, are affected by this issue.

Recommendations: For OAuthLib versions 3.1.1 through 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider verifying the redirect URI in the web toolkit before OAuthLib is called, and reject requests with malicious URIs, such as those containing a colon (:), assuming no port or IPv6 address is fundamentally required.
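The workaround above amounts to a cheap pre-screen that runs in the web layer before the redirect URI ever reaches OAuthLib. The following is an added example of such a pre-screen; it is not code from this page, from OAuthLib or from its maintainers. It assumes a length ceiling (MAX_REDIRECT_URI_LEN) and two opt-in flags (allow_port, allow_ipv6) that are this example's own design, and it tolerates a colon only as the scheme separator, as a host:port separator when the deployment opts in, or inside a bracketed IPv6 literal when the deployment opts in. The patterns are plain character classes with no nested quantifiers, so the screen itself stays linear-time on hostile input.

```python
import re

# Assumed upper bound on redirect_uri length; pick one that fits your registered URIs.
MAX_REDIRECT_URI_LEN = 2048

# Deliberately simple character-class patterns (no nested quantifiers), so the
# pre-screen itself runs in linear time even on adversarial input.
_IPV6_LITERAL_RE = re.compile(r"^\[[0-9A-Fa-f:.]{2,45}\]$")
_HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")
_PORT_RE = re.compile(r"^\d{1,5}$")


def prescreen_redirect_uri(uri, allow_port=False, allow_ipv6=False):
    """Return True if `uri` is plain enough to hand to OAuthLib, False to reject it early.

    Mirrors the advisory's workaround: a colon is tolerated only as the scheme
    separator, and (if the deployment opts in) as a host:port separator or inside
    a bracketed IPv6 literal.  Anything else containing ':' is rejected.
    """
    if not isinstance(uri, str) or not uri or len(uri) > MAX_REDIRECT_URI_LEN:
        return False
    scheme, sep, rest = uri.partition("://")
    if not sep or not scheme.isalpha():
        return False

    # The authority is everything up to the first '/', '?' or '#'.
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    if ":" in rest[len(authority):]:
        return False  # colon in path, query or fragment: reject outright

    if authority.startswith("["):
        # Bracketed IPv6 literal, optionally followed by ":port".
        end = authority.find("]")
        if end == -1 or not allow_ipv6:
            return False
        if not _IPV6_LITERAL_RE.match(authority[: end + 1]):
            return False
        tail = authority[end + 1:]
        if tail == "":
            port = None
        elif tail.startswith(":"):
            port = tail[1:]
        else:
            return False
    else:
        # Plain hostname, optionally followed by ":port".
        host, sep, port = authority.partition(":")
        if not _HOSTNAME_RE.match(host):
            return False
        port = port if sep else None

    if port is None:
        return True
    return bool(allow_port and _PORT_RE.match(port))


if __name__ == "__main__":
    # Constructed sample inputs: a normal callback, a colon in the query string,
    # a host:port form, an IPv6 literal, and a long run of colons after the scheme.
    samples = [
        "https://app.example.com/cb",
        "https://app.example.com/cb?next=a:b",
        "https://app.example.com:8443/cb",
        "https://[2001:db8::1]/cb",
        "https://" + ":" * 5000 + "/cb",
    ]
    for s in samples:
        print(prescreen_redirect_uri(s), s[:48])
```

Call `prescreen_redirect_uri` on the raw `redirect_uri` request parameter and return an error to the client when it yields False; only inputs that pass should be forwarded to OAuthLib. Once you are on a fixed release the screen can stay in place as defence in depth, since rejecting malformed redirect URIs before any parsing is cheap.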

Exploit · Fix · DoS · Open Redirect · RCE


Related Identifiers

ALSA-2023:2161
ALSA-2023_2161
ALT-PU-2022-3443
BDU:2025-09877
CVE-2022-36087
GHSA-3PGJ-PG6C-R5P7
OESA-2022-1971
OPENSUSE-SU-2024:12339-1
OPENSUSE-SU-2025:15100-1
PYSEC-2022-269
RHSA-2023:2161
RHSA-2023_2161
USN-5632-1

Affected Products

Alt Linux
Almalinux
Linuxmint
Oauthlib
Red Hat
Red Os
Ubuntu