CVE-2013-4347: Cryptographic Issues
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.
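The weakness class described above, shown beside a hardened form. This is an added example, not code from python-oauth2: the function names, the 8-digit and 32-character lengths, and the alphabet are assumptions chosen for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed alphabet)


def weak_generate_nonce(length=8):
    """Weak pattern: decimal digits drawn from the `random` module
    (Mersenne Twister), which is not a cryptographic generator."""
    return "".join(str(random.randint(0, 9)) for _ in range(length))


def strong_generate_nonce(length=32):
    """Hardened form: symbols drawn from the OS CSPRNG via `secrets`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def search_space_bits(alphabet_size, length):
    """Upper bound, in bits, on the guessing work for a uniformly random value."""
    return length * math.log2(alphabet_size)


def reproducible_after_seed(generator, seed=1234):
    """True if the generator's output is fully determined by random.seed(),
    i.e. by internal PRNG state rather than by OS entropy."""
    random.seed(seed)
    first = generator()
    random.seed(seed)
    second = generator()
    return first == second


if __name__ == "__main__":
    print("weak  :", weak_generate_nonce(),
          f"(at most {search_space_bits(10, 8):.1f} bits)")
    print("strong:", strong_generate_nonce(),
          f"({search_space_bits(len(ALPHABET), 32):.1f} bits)")
    print("weak determined by PRNG state  :",
          reproducible_after_seed(weak_generate_nonce))
    print("strong determined by PRNG state:",
          reproducible_after_seed(strong_generate_nonce))
```

A code review or lint rule that flags `random.` calls inside any function producing nonces, verifiers or tokens catches this pattern before release.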
Detect and mitigate CVE-2013-4347 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.