django-allauth@0.8.1 vulnerabilities
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.
-
latest version
65.2.0
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
17 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the django-allauth package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization, allowing an attacker to exploit this vulnerability when configuring the Facebook provider to use the How to fix Cross-site Scripting (XSS)? Upgrade |
[,0.63.6)
|
django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the SAML login flow. How to fix Cross-site Request Forgery (CSRF)? Upgrade |
[,0.63.3)
|
django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Affected versions of this package are vulnerable to Denial of Service (DoS) in How to fix Denial of Service (DoS)? Upgrade |
[,0.30.0)
|
django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Affected versions of this package are vulnerable to Information Exposure via the How to fix Information Exposure? Upgrade |
[,0.33.0)
|
django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Affected versions of this package are vulnerable to Timing Attack which allows an attacker to infer whether or not a given account exists based on the response time of an authentication attempt. This occurs even when account enumeration prevention is turned on. How to fix Timing Attack? Upgrade |
[,0.54.0)
|
django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Affected versions of this package are vulnerable to Account Hijacking. By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account. How to fix Account Hijacking? Upgrade |
[,0.41.0)
|