7 matches found
SUSE CVE-2025-65431
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...
aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +96 more potentially affected by CVE-2025-65431 via django-allauth (>=0.24.1 <=65.12.1)
django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2025-65431 Source advisory: OSV:GHSA-8M3C-C723-H4P4...
django-daiquiri (>=1.3.0 <=1.3.1), django-jwt-allauth (>=1.0.3 <=1.2.0) +5 more potentially affected by CVE-2025-65431 via django-allauth (>=65.0.1 <=65.12.1)
django-allauth PYPI version =65.0.1, =1.3.0, =1.0.3, =0.3.8, =4.0.0, =2.0.0, =1.1.1, =1.1.2 Source cves: CVE-2025-65431 Source advisory: SNYK:PYTHON-DJANGOALLAUTH-14425069...
aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +96 more potentially affected by CVE-2025-65431 via django-allauth (>=0.24.1 <=65.12.1)
django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2025-65431 Source advisory: OSV:PYSEC-2025-111...
DEBIAN-CVE-2025-65431
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...
CVE-2025-65431
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...
Linux Distros Unpatched Vulnerability : CVE-2025-65431
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts...