Observable Response Discrepancy Affecting fastapi-users package, versions [,10.1.3)


0.0
medium
  • Attack Complexity

    High

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-PYTHON-FASTAPIUSERS-2964438

  • published

    1 Aug 2022

  • disclosed

    1 Aug 2022

  • credit

    Filipe Nascimento

Introduced: 1 Aug 2022

New CWE-204 Open this link in a new tab

How to fix?

Upgrade fastapi-users to version 10.1.3 or higher.

Overview

fastapi-users is a Ready-to-use and customizable users management for FastAPI

Affected versions of this package are vulnerable to Observable Response Discrepancy. Exploiting this vulnerability is possible by sending web requests enumerating over values for an HTTP header in an attempt to find Redis keys.