mezzanine@0.5.1 vulnerabilities

An open source content management platform built using the Django framework.

Direct Vulnerabilities

Known vulnerabilities in the mezzanine package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • Severity: M
Authentication Bypass Using an Alternate Path or Channel

Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to the manipulation of the Host header. An attacker can bypass access controls by crafting malicious Host header values.

How to fix Authentication Bypass Using an Alternate Path or Channel?

There is no fixed version for Mezzanine.

Vulnerable versions: [0,)
  • Severity: M
Cross-site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the admin panel.

How to fix Cross-site Request Forgery (CSRF)?

There is no fixed version for Mezzanine.

Vulnerable versions: [0,)
  • Severity: M
Cross-site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to a lack of CSRF protection in forms.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade Mezzanine to version 0.5.2 or higher.

Vulnerable versions: [,0.5.2)
  • Severity: M
Cross-site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) because the admin does not use CSRF tokens for its forms.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade Mezzanine to version 0.10.5 or higher.

Vulnerable versions: [,0.10.5)
  • Severity: M
Insecure Defaults

Affected versions of this package are vulnerable to Insecure Defaults because the ACCOUNTS_APPROVAL_REQUIRED setting bypasses the ACCOUNTS_VERIFICATION_REQUIRED setting, which makes it possible for a user to log in regardless of whether their email address is valid.

How to fix Insecure Defaults?

Upgrade Mezzanine to version 1.4.8 or higher.

Vulnerable versions: [,1.4.8)
  • Severity: M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows remote attackers to execute arbitrary code via the Description field of the component admin/blog/blogpost/add/.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for Mezzanine.

Vulnerable versions: [0,)
  • Severity: M
Information Exposure

mezzanine is a content management platform.

Affected versions of this package are vulnerable to Information Exposure. The password reset URL is exposed to untrusted intermediary nodes in the network.

How to fix Information Exposure?

Upgrade Mezzanine to version 4.3.0 or higher.

Vulnerable versions: [,4.3.0)