Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to the user's session. Consequently, the verify_and_process method accepts the state received in the query parameters without verifying it against a trusted local value. This allows a remote attacker to trick a victim into visiting a malicious callback URL, which can result in the attacker's account being linked to the victim's internal account.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
FastAPI SSO 安全漏洞
Vulnerability Description
FastAPI SSO是Tomas Votava个人开发者的一个FastAPI插件。 FastAPI SSO 0.19.0之前版本存在安全漏洞,该漏洞源于OAuth状态参数验证不当,可能导致跨站请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A