Security: oauthlib/oauthlib

SECURITY.md

Security Policy

Supported Versions

The following versions are currently being supported with security updates.

Version Supported
3.3.x
3.2.x
3.1.x
< 3.1

Reporting a Vulnerability

Please raise a draft advisory to start discussing the vulnerability in a private channel with OAuthlib Admin: https://github.com/oauthlib/oauthlib/security/advisories/new

Incident Response Plan

The Incident Response Plan for oauthlib is composed of four steps:

  • Triage: discussion about the validity of the vulnerability with the reporter in the private channel.
  • Mitigate: work on a fix and release a newer version.
  • Disclose: give downstream applications some time to update to the latest release, then make the CVE public.
  • Learn: discuss any potential actions that could have prevented the vulnerability.