<p>Upgrade <code>fastapi-users</code> to version 10.1.3 or higher.</p>

Observable Response Discrepancy Affecting fastapi-users package, versions [,10.1.3)

Snyk CVSS

Attack Complexity High

Confidentiality High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-FASTAPIUSERS-2964438
published 1 Aug 2022
disclosed 1 Aug 2022
credit Filipe Nascimento

Report a new vulnerability Found a mistake?

Introduced: 1 Aug 2022

CWE-204 Open this link in a new tab

How to fix?

Upgrade fastapi-users to version 10.1.3 or higher.

Overview

fastapi-users is a Ready-to-use and customizable users management for FastAPI

Affected versions of this package are vulnerable to Observable Response Discrepancy. Exploiting this vulnerability is possible by sending web requests enumerating over values for an HTTP header in an attempt to find Redis keys.

References

GitHub Commit
GitHub Discussion
GitHub Issue