Observable Response Discrepancy Affecting fastapi-users package, versions [,10.1.3)
Snyk CVSS
Attack Complexity
High
Confidentiality
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-FASTAPIUSERS-2964438
- published 1 Aug 2022
- disclosed 1 Aug 2022
- credit Filipe Nascimento
How to fix?
Upgrade fastapi-users
to version 10.1.3 or higher.
Overview
fastapi-users is a Ready-to-use and customizable users management for FastAPI
Affected versions of this package are vulnerable to Observable Response Discrepancy. Exploiting this vulnerability is possible by sending web requests enumerating over values for an HTTP header in an attempt to find Redis
keys.