Safety CI > cookiecutter/cookiecutter-django

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/aws/amazon/aws-cli-2.16.7

5 months, 2 weeks ago

4caa6a65

Bump amazon/aws-cli Bumps amazon/aws-cli from 2.16.6 to 2.16.7. --- updated-dependencies: - depend

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

c1ca194e

Release 2024.06.12

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 2 weeks ago

d3ce7925

Bump amazon/aws-cli Docker image from 2.15.58 to 2.16.6 (#5135) Bumps amazon/aws-cli from 2.15.58 t

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/aws/amazon/aws-cli-2.16.6

5 months, 2 weeks ago

93e0ef5b

Bump amazon/aws-cli Bumps amazon/aws-cli from 2.15.58 to 2.16.6. --- updated-dependencies: - depen

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/traefik/traefik-3.0.2

5 months, 3 weeks ago

da9bf0b0

Bump traefik Bumps traefik from 2.11.2 to 3.0.2. --- updated-dependencies: - dependency-name: trae

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/aws/amazon/aws-cli-2.16.5

5 months, 3 weeks ago

2ecc51b5

Bump amazon/aws-cli Bumps amazon/aws-cli from 2.15.58 to 2.16.5. --- updated-dependencies: - depen

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/django/python-3.12.4-slim-bookwor

5 months, 3 weeks ago

a9abe1ae

Bump python in /{{cookiecutter.project_slug}}/compose/production/django Bumps python from 3.12.3-sl

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/production/aws/amazon/aws-cli-2.16.4

5 months, 3 weeks ago

585fd1f9

Bump amazon/aws-cli Bumps amazon/aws-cli from 2.15.58 to 2.16.4. --- updated-dependencies: - depen

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/local/django/python-3.12.4-slim-bookworm

5 months, 3 weeks ago

7769a0da

Bump python in /{{cookiecutter.project_slug}}/compose/local/django Bumps python from 3.12.3-slim-bo

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

dependabot/docker/{{cookiecutter.project_slug}}/compose/local/docs/python-3.12.4-slim-bookworm

5 months, 3 weeks ago

4247f320

Bump python in /{{cookiecutter.project_slug}}/compose/local/docs Bumps python from 3.12.3-slim-book

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 3 weeks ago

8969cf60

Auto-update pre-commit hooks (#5128) Co-authored-by: browniebroke <861044+browniebroke@users.norepl

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

update/pre-commit-autoupdate

5 months, 3 weeks ago

df583cb6

Auto-update pre-commit hooks

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 3 weeks ago

cbe4532a

Release 2024.06.08

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 3 weeks ago

f6bf5217

Update Contributors

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 3 weeks ago

eec17f7c

Change aws-cli docker image to use official amazon image (#5116)

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.