The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Python-oauth2 |
Urbanairship |
- (including) |
- (including) |
References