CVE-2026-34052 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionar…
Medium CVSS: 5.9

CVE-2026-34052

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. This issue has been patched in version 1.6.3.
Vendor
-
Product
-
CWE
CWE-401
Yayın Tarihi
2026-04-03 23:17:03
Güncelleme
2026-04-07 13:20:55
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-401 MEDIUM 2026

Referanslar

https://github.com/jupyterhub/ltiauthenticator/releases/tag/1.6.3 https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-8mxq-7xr7-2fxj