Homepage

django-ca@1.9.0 vulnerabilities

A Django app providing a TLS certificate authority.

  • latest version

    2.3.0

  • latest non vulnerable version

    2.3.0

  • first published

    9 years ago

  • latest version published

    20 days ago

  • licenses detected

  • View django-ca package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the django-ca package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Denial of Service (DoS)

    django-ca is a tool to manage TLS certificate authorities and easily issue and revoke certificates.

    Affected versions of this package are vulnerable to Denial of Service (DoS) via large response bodies when validating ACME challenges, which can lead to large files in memory.

    How to fix Denial of Service (DoS)?

    Upgrade django-ca to version 1.19.0 or higher.

    [,1.19.0)
    • M
    Insecure Defaults

    django-ca is a tool to manage TLS certificate authorities and easily issue and revoke certificates.

    Affected versions of this package are vulnerable to Insecure Defaults. Insecure default settings could lead to CSRF. The fix adds Django's secure cookies.

    How to fix Insecure Defaults?

    Upgrade django-ca to version 1.17.0 or higher.

    [,1.17.0)
    • M
    Cryptographic Issue

    django-ca is a tool to manage TLS certificate authorities and easily issue and revoke certificates.

    Affected versions of this package are vulnerable to Cryptographic Issue due to storing CA private keys in an insecure format.

    How to fix Cryptographic Issue?

    Upgrade django-ca to version 1.10.0 or higher.

    [,1.10.0)
    Go back to all versions of this package