python-oauth2
Page content
- Author: kikadf
- Vulnerable: 1.5.211-3
- Unaffected: 1.5.211-4arcturus1
It was found that _check_signature() in python-oauth2, an application for authorization flows for web application, ignored the nonce values when validating signed urls. It was found that in python-oauth2, an application for authorizing flows for web application, the nonce value generated isn’t random enough, because while doing bulk operations, nonce might get repeated, so there is a chance of predictability.