fastapi-users@0.6.1 vulnerabilities

Ready-to-use and customizable users management for FastAPI

Direct Vulnerabilities

Known vulnerabilities in the fastapi-users package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Observable Response Discrepancy

fastapi-users is a Ready-to-use and customizable users management for FastAPI

Affected versions of this package are vulnerable to Observable Response Discrepancy. Exploiting this vulnerability is possible by sending web requests enumerating over values for an HTTP header in an attempt to find Redis keys.

How to fix Observable Response Discrepancy?

Upgrade fastapi-users to version 10.1.3 or higher.

[,10.1.3)
  • H
Authentication Bypass

fastapi-users is a Ready-to-use and customizable users management for FastAPI

Affected versions of this package are vulnerable to Authentication Bypass in the account e-mail association when authenticating with OAuth.

How to fix Authentication Bypass?

Upgrade fastapi-users to version 10.1.0 or higher.

[,10.1.0)