CNNVD-202512-3775 Information
CNNVD ID
CNNVD-202512-3775
Related CVE
- CNNVD Published: 2025-12-19
Description (Chinese)
FastAPI Users is a customizable user management interface open-sourced by FastAPI Users. Versions of FastAPI Users before 15.0.2 contain a cross-site request forgery vulnerability. The vulnerability stems from the OAuth login state token being stateless and lacking associated data, which can lead to login CSRF and account takeover.
Description (English)
FastAPI Users is a customizable user management interface open-sourced by FastAPI Users. Versions of FastAPI Users before 15.0.2 contain a cross-site request forgery vulnerability: the OAuth login state token is stateless and carries no associated data, which can lead to login CSRF and account takeover.
Hazard Level
High
Vulnerability Type
Cross-Site Request Forgery
Affected Vendor
FastAPI Users
Published
2025-12-19
Last Modified
2026-02-24
References
https://github.com/fastapi-users/fastapi-users/blob/bcee8c9b884de31decb5d799aead3974a0b5b158/fastapi_users/router/oauth.py#L111
https://github.com/fastapi-users/fastapi-users/blob/bcee8c9b884de31decb5d799aead3974a0b5b158/fastapi_users/router/oauth.py#L57
https://github.com/fastapi-users/fastapi-users/commit/7cf413cd766b9cb0ab323ce424ddab2c0d235932
https://github.com/fastapi-users/fastapi-users/security/advisories/GHSA-5j53-63w8-8625
https://access.redhat.com/security/cve/cve-2025-68481
Patch
https://github.com/fastapi-users/fastapi-users/releases