29 matches found
EUVD-2024-0205
Malicious code in bioql PyPI...
Ubuntu: Security Advisory (USN-7354-1)
The remote host is missing an update for the...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : djoser vulnerability (USN-7354-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7354-1 advisory. Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly...
USN-7354-1: djoser vulnerability
Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly use this to bypass authentication checks, such as two-factor authentication, to gain unintended access...
USN-7354-1 djoser vulnerability
Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly use this to bypass authentication checks, such as two-factor authentication, to gain unintended access...
Linux Distros Unpatched Vulnerability : CVE-2024-21543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back ...
Debian: Security Advisory (DLA-4060-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 4060-1] djoser security update
Debian LTS Advisory DLA-4060-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson February 20, 2025 https://wiki.debian.org/LTS Package : djoser Version : 2.1.0-1+deb11u1 CVE ID : CVE-2024-21543 Debian Bug : 1089915 djoser is a REST implementation of Django...
Debian dla-4060 : python3-djoser - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4060 advisory. Debian LTS Advisory DLA-4060-1 [email protected] https://www.debian.org/lts/security/...
DLA-4060-1 djoser - security update
Bulletin has no description...
CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
Authentication Bypass
Djoser is vulnerable to Authentication Bypass. The vulnerability is due to a fallback mechanism that queries the database directly when the authenticate function fails, allowing an attacker to gain unauthorized access by bypassing custom authentication checks such as two-factor authentication, LD...
gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)
djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: OSV:GHSA-V49P-M6GH-747C...
djoser Authentication Bypass
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
GHSA-V49P-M6GH-747C djoser Authentication Bypass
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)
djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: OSV:PYSEC-2024-158...
PYSEC-2024-158
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...