Nextcloud: Update App Store: Django account hijacking vulnerability

ID H1:761329
Type hackerone
Reporter bernhardposselt
Modified 2020-01-31T10:59:51


High Severity Framework Security Fix


There's a nasty bug that allows accounts to be hijacked. Attackers still can't distribute archives since they are signed, but can hijack admin accounts and swap out packages in the admin panel. I've updated the deps; tests work fine locally, but you should check just to be sure and deploy the latest master branch ASAP.