pipfile.lock and requirements.txt need the following change applied:
django>=2.0.8
CVE-2018-14574
moderate severity
Vulnerable versions: >= 2.0, < 2.0.8
Patched version: 2.0.8
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
CVE-2018-6188
moderate severity
Vulnerable versions: >= 2.0.0, < 2.0.2
Patched version: 2.0.2
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
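
A check for the condition this issue describes, as an added example that is not part of the original issue or the project's own code: it flags `django` lines in requirements.txt-style text whose pinned or minimum version falls inside the vulnerable ranges quoted above. The names `ADVISORIES`, `cves_for` and `audit` and the sample input are assumptions made for illustration; Pipfile.lock is not parsed here.

```python
import re

# Ranges copied from the issue text: (CVE, first affected, first fixed).
ADVISORIES = [
    ("CVE-2018-14574", (2, 0, 0), (2, 0, 8)),
    ("CVE-2018-14574", (1, 11, 0), (1, 11, 15)),
    ("CVE-2018-6188", (2, 0, 0), (2, 0, 2)),
    ("CVE-2018-6188", (1, 11, 8), (1, 11, 10)),  # 1.11.8 and 1.11.9
]

# Matches "django==X" or "django>=X"; other packages and operators are skipped.
REQ = re.compile(r"^\s*django\s*(==|>=)\s*([0-9]+(?:\.[0-9]+)*)", re.IGNORECASE)


def parse_version(text):
    """Turn '2.0' into (2, 0, 0) so tuples compare component-wise."""
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def cves_for(version):
    """Return the sorted CVE ids whose range contains this version."""
    v = parse_version(version)
    return sorted({cve for cve, lo, hi in ADVISORIES if lo <= v < hi})


def audit(requirements_text):
    """Check each django line; for '>=' the floor is the version tested,
    since a resolver is allowed to install it."""
    findings = []
    for number, line in enumerate(requirements_text.splitlines(), 1):
        match = REQ.match(line.split("#", 1)[0])  # ignore trailing comments
        if match and cves_for(match.group(2)):
            findings.append((number, line.strip(), cves_for(match.group(2))))
    return findings


# Constructed sample input, not the project's real requirements.txt.
SAMPLE = """\
requests==2.19.1
Django==2.0.1   # pinned before the fix
django>=2.0.8
"""

if __name__ == "__main__":
    for number, line, cves in audit(SAMPLE):
        print(f"line {number}: {line} -> {', '.join(cves)}")
```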