OPENSUSE-SU-2026:10499-1 python311-social-auth-app-django-5.7.0-1.1 on GA media

These are all security issues fixed in the python311-social-auth-app-django-5.7.0-1.1 package on the GA media of openSUSE Tumbleweed...

EUVD-2013-0006

Malware in sbrugna...

gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)

djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: OSV:GHSA-V49P-M6GH-747C...

gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)

djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: OSV:PYSEC-2024-158...

gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)

djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: SNYK:PYTHON-DJOSER-8366540...

The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate() method in the Django web application framework allows a hacker to gain unauthorized access to protected information.

The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate method in the Django web application framework is related to insufficient protection of sensitive data due to timing discrepancies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...

SUSE CVE-2013-1443

The authentication framework django.contrib.auth in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service CPU consumption via a long password which is then hashed...

SUSE CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

GHSA-RF4J-J272-FJ86 Django vulnerable to information leakage in AuthenticationForm

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

CVE-2013-1443

The authentication framework django.contrib.auth in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service CPU consumption via a long password which is then hashed...

PYSEC-2013-18

The authentication framework django.contrib.auth in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service CPU consumption via a long password which is then hashed...

CVE-2007-0405

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user...