13 matches found

EUVD
added 2025/10/03 8:07 p.m., 9 views

EUVD-2024-0205

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.8 | EPSS 0.00547
Exploits: 0 | References: 8

Tenable Nessus
added 2025/03/19 12:00 a.m., 9 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : djoser vulnerability (USN-7354-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7354-1 advisory. Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly...

CVSS 7.1 | AI score 7.1 | EPSS 0.00547
Exploits: 0 | References: 2

Ubuntu
added 2025/03/17 9:07 p.m., 3 views

USN-7354-1: djoser vulnerability

Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly use this to bypass authentication checks, such as two-factor authentication, to gain unintended access...

CVSS 7.1 | AI score 7.1 | EPSS 0.00547
Exploits: 0

Veracode
added 2024/12/16 4:47 a.m., 11 views

Authentication Bypass

Djoser is vulnerable to Authentication Bypass. The vulnerability is due to a fallback mechanism that queries the database directly when the authenticate function fails, allowing an attacker to gain unauthorized access by bypassing custom authentication checks such as two-factor authentication, LD...

CVSS 7.1 | AI score 7 | EPSS 0.00547
Exploits: 0 | References: 9 | Affected Software: 1

vulnersOsv
added 2024/12/13 5:15 a.m., 2 views

gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)

djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: OSV:PYSEC-2024-158...

CVSS 7.1 | AI score 7 | EPSS 0.00547
Exploits: 0

OSV
added 2024/12/13 5:15 a.m., 7 views

CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | AI score 7.1
Exploits: 0 | References: 6

NVD
added 2024/12/13 5:15 a.m., 9 views

CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | EPSS 0.00547
Exploits: 0 | References: 6

PyPA
added 2024/12/13 5:15 a.m., 6 views

PYSEC-2024-158

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | AI score 7.1 | EPSS 0.00547
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2024/12/13 5:00 a.m., 14 views

CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | EPSS 0.00547
Exploits: 0 | References: 5

CVE
added 2024/12/13 5:00 a.m., 73 views

CVE-2024-21543

CVE-2024-21543 affects the Python package djoser up to version 2.3.0. The vulnerability arises when authenticate() fails and the system falls back to a direct database query, potentially granting access to users with valid credentials and bypassing authentication checks (e.g., 2FA, LDAP, or AUTHE...

CVSS 7.1 | AI score 7.2 | EPSS 0.00547
Exploits: 0 | References: 6

Debian CVE
added 2024/12/13 5:00 a.m., 11 views

CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | AI score 7 | EPSS 0.00547
Exploits: 0

CNNVD
added 2024/12/13 12:00 a.m., 1 view

djoser security vulnerability

djoser is a REST implementation of the Django authentication system open-sourced by Sunscrapers. A security vulnerability exists in djoser versions prior to 2.3.0, which stems from the system directly querying the database to grant access to users with valid credentials, making it susceptible to ...

CVSS 7.1 | AI score 6.8 | EPSS 0.00547
Exploits: 0 | References: 6

vulnersOsv
added 2024/11/09 2:32 p.m., 3 views

gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)

djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: SNYK:PYTHON-DJOSER-8366540...

CVSS 7.1 | AI score 7 | EPSS 0.00547
Exploits: 0