CNNVD-202512-3746 Information

CNNVD ID

CNNVD-202512-3746

CVE-2025-14546

  • CNNVD Published: 2025-12-19

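Description (translated from Chinese)

FastAPI SSO is a FastAPI plugin by the individual developer Tomas Votava. Versions of FastAPI SSO prior to 0.19.0 contain a security vulnerability that stems from improper validation of the OAuth state parameter and may lead to cross-site request forgery attacks.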

Description (English)

FastAPI SSO is a FastAPI plugin maintained by individual developer Tomas Votava. FastAPI SSO versions before 0.19.0 have a security vulnerability caused by improper validation of the OAuth state parameter, which could lead to cross-site request forgery (CSRF) attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-12-19

Last Modified

2026-02-24

References

  • https://github.com/tomasvotava/fastapi-sso/commit/6117d1a5ad498ba57d671e8a059ebe20db5abe02
  • https://github.com/tomasvotava/fastapi-sso/issues/266
  • https://security.snyk.io/vuln/SNYK-PYTHON-FASTAPISSO-14386403
  • https://access.redhat.com/security/cve/cve-2025-14546

Patch

https://github.com/tomasvotava/fastapi-sso/releases
