Lucene search
K

44 matches found

OSV
OSV
added 2019/12/18 7:15 p.m.2 views

PYSEC-2019-16

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...

9.8CVSS6.8AI score0.3481EPSS
Exploits7References11
Debian
Debian
added 2019/12/18 4:50 p.m.61 views

[SECURITY] [DLA 2042-1] python-django security update

Package : python-django Version : 1.7.11-1+deb8u8 CVE ID : CVE-2019-19844 Debian Bug : 946937 It was discovered that there was a potential account hijack vulnerabilility in Django, the Python-based web development framework. Djangos password-reset form used a case-insensitive query to retrieve...

9.8CVSS9.6AI score0.3481EPSS
Exploits7
OSV
OSV
added 2019/12/18 12:0 a.m.2 views

UBUNTU-CVE-2019-19844

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...

9.8CVSS6.7AI score0.3481EPSS
Exploits7References5
Positive Technologies
Positive Technologies
added 2019/12/15 12:0 a.m.5 views

PT-2019-4872 · Django Software Foundation +2 · Django +2

Name of the Vulnerable Software and Affected Versions: Django versions prior to 1.11.27 Django versions 2.x prior to 2.2.9 Django versions 3.x prior to 3.0.1 Description: The issue allows account takeover by sending a password reset token to an attacker for a matched user account. This occurs whe...

9.8CVSS6.7AI score0.99856EPSS
Exploits59References319
Rows per page
Query Builder