Homepage

Mezzanine@1.4.1 vulnerabilities

An open source content management platform built using the Django framework.

  • latest version

    6.0.0

  • first published

    14 years ago

  • latest version published

    2 years ago

  • licenses detected

  • View Mezzanine package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the Mezzanine package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Authentication Bypass Using an Alternate Path or Channel

    Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to the manipulation of the Host header. An attacker can bypass access controls by crafting malicious Host header values.

    How to fix Authentication Bypass Using an Alternate Path or Channel?

    There is no fixed version for Mezzanine.

    [0,)
    • M
    Cross-site Request Forgery (CSRF)

    Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the admin panel.

    How to fix Cross-site Request Forgery (CSRF)?

    There is no fixed version for Mezzanine.

    [0,)
    • M
    Insecure Defaults

    Affected versions of this package are vulnerable to Insecure Defaults due to ACCOUNTS_APPROVAL_REQUIRED variable bypasses ACCOUNTS_VERIFICATION_REQUIRED variable , which makes it possible for the the user to login regardless of whether the email address is valid or not.

    How to fix Insecure Defaults?

    Upgrade Mezzanine to version 1.4.8 or higher.

    [,1.4.8)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows remote attackers to execute arbitrary code via the Description field of the component admin/blog/blogpost/add/.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for Mezzanine.

    [0,)
    • M
    Information Exposure

    mezzanine is a content management platform.

    Affected versions of this package are vulnerable to Information Exposure. The password reset url is exposed to untrusted intermediary nodes in the network.

    How to fix Information Exposure?

    Upgrade mezzanine to version 4.3.0 or higher.

    [,4.3.0)
    Go back to all versions of this package