Nextcloud: Update App Store: Django account hijacking vulnerability

2019-12-18T23:12:16
ID H1:761329
Type hackerone
Reporter bernhardposselt
Modified 2020-01-31T10:59:51

Description

High Severity Framework Security Fix

Impact

There's a nasty bug that allows accounts to be hijacked. Attackers still can't distribute archives since they are signed, but they can hijack admin accounts and swap out packages in the admin panel. I've updated the deps; tests work fine locally, but you should check just to be sure and deploy the latest master branch ASAP.