Vulnerability	Vulnerable Version
H Race Condition fastapi-sso is a FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account) Affected versions of this package are vulnerable to Race Condition. When multiple concurrent login requests are processed simultaneously, the state shared between requests could allow one user to unintentionally obtain another user's access token and assume their identity. The vulnerability exists in the SSO login flow, where the provider instance state is not properly isolated between concurrent requests. This could be exploited in high concurrency scenarios by timing login requests precisely. The fix introduces async locking to ensure requests are processed sequentially and providers must be used within an async context manager. How to fix Race Condition? Upgrade `fastapi-sso` to version 0.16.0 or higher.	[,0.16.0)

Race Condition

fastapi-sso is a FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)

Affected versions of this package are vulnerable to Race Condition. When multiple concurrent login requests are processed simultaneously, the state shared between requests could allow one user to unintentionally obtain another user's access token and assume their identity. The vulnerability exists in the SSO login flow, where the provider instance state is not properly isolated between concurrent requests. This could be exploited in high concurrency scenarios by timing login requests precisely. The fix introduces async locking to ensure requests are processed sequentially and providers must be used within an async context manager.

How to fix Race Condition?

Upgrade fastapi-sso to version 0.16.0 or higher.

[,0.16.0)

Go back to all versions of this package