44 matches found
PYSEC-2019-16
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...
[SECURITY] [DLA 2042-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u8 CVE ID : CVE-2019-19844 Debian Bug : 946937 It was discovered that there was a potential account hijack vulnerabilility in Django, the Python-based web development framework. Djangos password-reset form used a case-insensitive query to retrieve...
UBUNTU-CVE-2019-19844
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...
PT-2019-4872 · Django Software Foundation +2 · Django +2
Name of the Vulnerable Software and Affected Versions: Django versions prior to 1.11.27 Django versions 2.x prior to 2.2.9 Django versions 3.x prior to 3.0.1 Description: The issue allows account takeover by sending a password reset token to an attacker for a matched user account. This occurs whe...