django-allauth@0.56.1 vulnerabilities

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

latest version

65.2.0
latest non vulnerable version

65.2.0
first published

14 years ago
latest version published

17 days ago
licenses detected
- MIT
  [0,)
View django-allauth package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the django-allauth package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization, allowing an attacker to exploit this vulnerability when configuring the Facebook provider to use the `js_sdk` method, potentially compromising user sessions or stealing sensitive information. How to fix Cross-site Scripting (XSS)? Upgrade `django-allauth` to version 0.63.6 or higher.	[,0.63.6)
M Cross-site Request Forgery (CSRF) django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the SAML login flow. `RelayState` was used to keep track of whether or not the login flow was IdP or SP initiated. As `RelayState` is a separate field, not part of the `SAMLResponse` payload, it was not signed, allowing the existence of this vulnerability. How to fix Cross-site Request Forgery (CSRF)? Upgrade `django-allauth` to version 0.63.3 or higher.	[,0.63.3)

Cross-site Scripting (XSS)

django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization, allowing an attacker to exploit this vulnerability when configuring the Facebook provider to use the js_sdk method, potentially compromising user sessions or stealing sensitive information.

How to fix Cross-site Scripting (XSS)?

Upgrade django-allauth to version 0.63.6 or higher.

[,0.63.6)

Cross-site Request Forgery (CSRF)

django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the SAML login flow. RelayState was used to keep track of whether or not the login flow was IdP or SP initiated. As RelayState is a separate field, not part of the SAMLResponse payload, it was not signed, allowing the existence of this vulnerability.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade django-allauth to version 0.63.3 or higher.

[,0.63.3)

Go back to all versions of this package

django-allauth@0.56.1 vulnerabilities

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities