Package | Installed | Affected | Info
---|---|---|---
django-allauth | 0.63.0 | <65.3.0 | Affected versions of allauth are vulnerable to account enumeration through timing attacks (CWE-203): an attacker can determine whether an account exists by measuring the response time of email/password authentication attempts. The issue lies in the `AuthenticationBackend._authenticate_by_email` method, which did not equalize the time taken for known and unknown email addresses. Exploitation is remote (it only requires submitting login attempts) and highly feasible. Users should update to the latest version of allauth to get the timing attack mitigations.
django-allauth | 0.63.0 | <0.63.6 | Affected versions of django-allauth allow attackers to inject arbitrary JavaScript into the login page when the Facebook provider is configured to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information.
django-allauth | 0.63.0 | <0.63.3 | Affected versions of django-allauth are vulnerable to CSRF and replay attacks in the SAML login flow. RelayState was used to keep track of whether the login flow was IdP- or SP-initiated, but RelayState is a separate field that is not part of the SAMLResponse payload, so it is not covered by the IdP's signature and could be tampered with or replayed.
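The timing-attack row above describes a failure mode that is easier to see in code than in prose. The following is an added illustration, not code from django-allauth or from its fix: a constructed in-memory user store, a leaky email/password check that returns early for unknown addresses, and a hardened variant that always performs a password hash (against a dummy salt when the email is unknown) so both paths cost the same. `USERS`, `_DUMMY_SALT`, the PBKDF2 parameters and the sample account are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

# Work factor for the PBKDF2 hash; large enough that a skipped hash is measurable.
_ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def _make_record(password: str) -> tuple:
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


# Constructed sample user store (email -> (salt, hash)); not real data.
USERS = {
    "alice@example.com": _make_record("correct horse battery staple"),
}

# Dummy credential used so that unknown emails cost the same as known ones
# (assumption for this example; any fixed salt and 32-byte value would do).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = bytes(32)


def authenticate_leaky(email: str, password: str) -> bool:
    """Vulnerable pattern: returns early when the email is unknown, so a failed
    login for an unknown address is far faster than one for a known address."""
    record = USERS.get(email.lower())
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_hash_password(password, salt), expected)


def authenticate_constant(email: str, password: str) -> bool:
    """Hardened pattern: always run the password hash, against a dummy salt when
    the email is unknown, so both paths do the same work before rejecting."""
    record = USERS.get(email.lower())
    salt, expected = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash_password(password, salt), expected)
    # The dummy hash can never authenticate anyone, even on a digest collision.
    return matches and record is not None


def median_ms(auth, email: str, password: str, rounds: int = 7) -> float:
    """Median wall-clock time of auth(email, password) in milliseconds."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        auth(email, password)
        samples.append(time.perf_counter() - start)
    samples.sort()
    return samples[len(samples) // 2] * 1000.0


if __name__ == "__main__":
    for name, auth in (("leaky", authenticate_leaky), ("constant", authenticate_constant)):
        known = median_ms(auth, "alice@example.com", "wrong password")
        unknown = median_ms(auth, "nobody@example.com", "wrong password")
        print(f"{name:9s} known-email={known:7.2f} ms  unknown-email={unknown:7.2f} ms")
```

Running the block prints a large known/unknown gap for `authenticate_leaky` and near-identical timings for `authenticate_constant`. Django's own `ModelBackend.authenticate` applies the same idea by calling `UserModel().set_password(password)` when the user lookup raises `DoesNotExist`. Note that the dummy hash only equalizes the hashing step; the database lookup itself, or any extra work done only for existing users (rate-limit bookkeeping, last-login updates), can still leak and must be checked separately.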
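The SAML row above turns on one fact: RelayState travels outside the signed SAMLResponse, so the SP must not trust it unless it protects it itself. The following is an added illustration, not allauth's code or its actual fix: the SP signs the RelayState it issues with an HMAC, binds it to the user's server-side session through a nonce, makes the nonce single-use, and gives it a short lifetime, so a tampered, foreign, expired or replayed RelayState is rejected at the ACS endpoint. `_SECRET`, `_MAX_AGE`, the `session` dict standing in for a real session store, and the state layout are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed server-side secret for this example only; a real deployment
# would use its framework's secret key (e.g. Django's SECRET_KEY).
_SECRET = b"example-only-secret-key-do-not-use"
_MAX_AGE = 300  # seconds a RelayState stays valid (assumption)


def _mac(payload: bytes) -> bytes:
    return hmac.new(_SECRET, payload, hashlib.sha256).digest()


def issue_relay_state(session: dict, next_url: str, now: float = None) -> str:
    """SP-initiated login: mint a fresh nonce, bind it to this session and
    return a signed RelayState carrying the nonce, the return URL and a timestamp."""
    nonce = secrets.token_urlsafe(16)
    session["saml_nonce"] = nonce
    body = json.dumps(
        {"nonce": nonce, "next": next_url, "iat": int(now or time.time())},
        separators=(",", ":"),
    ).encode("utf-8")
    payload = base64.urlsafe_b64encode(body)
    # The MAC covers the encoded payload, so any change to a single character fails.
    return (payload + b"." + base64.urlsafe_b64encode(_mac(payload))).decode("ascii")


def verify_relay_state(session: dict, relay_state: str, now: float = None):
    """ACS endpoint: return the state dict for a valid SP-initiated flow, None when
    there is no RelayState (treated as IdP-initiated, with nothing else trusted),
    and raise ValueError for malformed, forged, expired or replayed values."""
    if not relay_state:
        return None
    try:
        payload, mac_b64 = relay_state.encode("ascii").split(b".", 1)
        presented_mac = base64.urlsafe_b64decode(mac_b64)
    except (ValueError, UnicodeEncodeError) as exc:  # binascii.Error is a ValueError
        raise ValueError("malformed RelayState") from exc
    if not hmac.compare_digest(_mac(payload), presented_mac):
        raise ValueError("RelayState signature mismatch")
    state = json.loads(base64.urlsafe_b64decode(payload))
    if (now or time.time()) - state["iat"] > _MAX_AGE:
        raise ValueError("RelayState expired")
    # Single use: the nonce is removed whether or not it matches.
    expected_nonce = session.pop("saml_nonce", None)
    if expected_nonce is None or not hmac.compare_digest(expected_nonce, state["nonce"]):
        raise ValueError("RelayState not bound to this session (CSRF or replay)")
    return state


if __name__ == "__main__":
    session = {}
    rs = issue_relay_state(session, "/dashboard")
    print("first use :", verify_relay_state(session, rs)["next"])
    try:
        verify_relay_state(session, rs)
    except ValueError as exc:
        print("second use:", exc)
```

The signature alone does not stop CSRF: an attacker can obtain a validly signed RelayState from their own session and hand it to a victim. The session-bound nonce is what ties the value to the browser that started the flow, and popping it on first use is what stops replay. Whether the flow is IdP- or SP-initiated is then derived from the presence of a verified state, never from an unverified flag in the request.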
Python 3 badge (https://pyup.io/repos/github/sirrobot01/django-quickstarter/python-3-shield.svg), linking to https://pyup.io/repos/github/sirrobot01/django-quickstarter/:

Markdown: [![Python 3](https://pyup.io/repos/github/sirrobot01/django-quickstarter/python-3-shield.svg)](https://pyup.io/repos/github/sirrobot01/django-quickstarter/)
reStructuredText:
.. image:: https://pyup.io/repos/github/sirrobot01/django-quickstarter/python-3-shield.svg
   :target: https://pyup.io/repos/github/sirrobot01/django-quickstarter/
   :alt: Python 3
HTML: <a href="https://pyup.io/repos/github/sirrobot01/django-quickstarter/"><img src="https://pyup.io/repos/github/sirrobot01/django-quickstarter/python-3-shield.svg" alt="Python 3" /></a>
Textile: !https://pyup.io/repos/github/sirrobot01/django-quickstarter/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/sirrobot01/django-quickstarter/
RDoc: {<img src="https://pyup.io/repos/github/sirrobot01/django-quickstarter/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/sirrobot01/django-quickstarter/]

Updates badge (https://pyup.io/repos/github/sirrobot01/django-quickstarter/shield.svg), linking to https://pyup.io/repos/github/sirrobot01/django-quickstarter/:

Markdown: [![Updates](https://pyup.io/repos/github/sirrobot01/django-quickstarter/shield.svg)](https://pyup.io/repos/github/sirrobot01/django-quickstarter/)
reStructuredText:
.. image:: https://pyup.io/repos/github/sirrobot01/django-quickstarter/shield.svg
   :target: https://pyup.io/repos/github/sirrobot01/django-quickstarter/
   :alt: Updates
HTML: <a href="https://pyup.io/repos/github/sirrobot01/django-quickstarter/"><img src="https://pyup.io/repos/github/sirrobot01/django-quickstarter/shield.svg" alt="Updates" /></a>
Textile: !https://pyup.io/repos/github/sirrobot01/django-quickstarter/shield.svg(Updates)!:https://pyup.io/repos/github/sirrobot01/django-quickstarter/
RDoc: {<img src="https://pyup.io/repos/github/sirrobot01/django-quickstarter/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/sirrobot01/django-quickstarter/]