{"id":"PYSEC-2014-85","details":"The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.","aliases":["CVE-2013-4346","GHSA-4433-4cxq-vv73"],"modified":"2024-02-23T21:41:32.199131Z","published":"2014-05-20T14:55:00Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/09/12/7"},{"type":"REPORT","url":"https://github.com/simplegeo/python-oauth2/issues/129"},{"type":"WEB","url":"http://www.securityfocus.com/bid/62386"}],"affected":[{"package":{"name":"oauth2","ecosystem":"PyPI","purl":"pkg:pypi/oauth2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9rc1"}]}],"versions":["1.0.0","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.3","1.2.0","1.5.150","1.5.153","1.5.155","1.5.158","1.5.159","1.5.160","1.5.161","1.5.162","1.5.163","1.5.164","1.5.165","1.5.166","1.5.167","1.5.168","1.5.169","1.5.170","1.5.210","1.5.211"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/oauth2/PYSEC-2014-85.yaml"}}],"schema_version":"1.7.3"}