Safety CI > cookiecutter/cookiecutter-django

master

5 months, 3 weeks ago

f2880ab5

Release 2024.06.04

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 3 weeks ago

66e4d3d9

Update pytest from 8.2.1 to 8.2.2

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

pyup-update-pytest-8.2.1-to-8.2.2

5 months, 3 weeks ago

9372967e

Update pytest from 8.2.1 to 8.2.2

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

pyup-update-pytest-8.2.1-to-8.2.2

5 months, 3 weeks ago

d478c1d2

Update pytest from 8.2.1 to 8.2.2

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 4 weeks ago

7216565c

Update sh from 2.0.6 to 2.0.7

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 4 weeks ago

824630a9

Update sentry-sdk from 2.3.1 to 2.4.0

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

pyup-update-sentry-sdk-2.3.1-to-2.4.0

5 months, 4 weeks ago

bb8666e1

Update sentry-sdk from 2.3.1 to 2.4.0

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 4 weeks ago

ed59d08e

Release 2024.06.02

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

5 months, 4 weeks ago

53394a6a

Update uvicorn from 0.30.0 to 0.30.1 (#5115)

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

pyup-update-uvicorn-0.30.0-to-0.30.1

6 months ago

78f4d2b3

Update uvicorn from 0.30.0 to 0.30.1

jinja2 3.1.4 and django-allauth 0.63.2 have known security vulnerabilities.

Package	Installed	Affected	Info
django-allauth	0.63.2	<0.63.6	show In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth	0.63.2	<0.63.3	show Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

Package

Installed

Affected

Info

django-allauth

0.63.2

<0.63.6

show

In Django-allauth, a vulnerability allows attackers to inject arbitrary JavaScript into the login page when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.

django-allauth

0.63.2

<0.63.3

show

Affected versions of Django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayStatewas used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, causing the vulnerability.

master

6 months ago

3f38cfac

Release 2024.06.01

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup-update-sh-2.0.6-to-2.0.7

6 months ago

510002ba

Update sh from 2.0.6 to 2.0.7

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

master

6 months ago

0cfd278d

Update ruff to 0.4.7 (#5112) * Update ruff from 0.4.6 to 0.4.7 * Update ruff from 0.4.6 to 0.4.7

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

pyup-update-ruff-0.4.6-to-0.4.7

6 months ago

34b0bb0c

Update Ruff pre-commit hook (#5113) Co-authored-by: browniebroke <861044+browniebroke@users.noreply

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info

update/pre-commit-autoupdate

6 months ago

3c86fa74

Auto-update pre-commit hooks

jinja2 3.1.4 has known security vulnerabilities.

Package	Installed	Affected	Info