The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0360 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities: CVE-2022-36087: OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds. Tenable has extracted the preceding description block directly from the Tencent Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
TencentOS Server 4: python-oauthlib (TSSA-2024:0360)
