Homepage
About Snyk

weblate@4.11.2 vulnerabilities

A web-based continuous localization system with tight version control integration

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the weblate package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

Affected versions of this package are vulnerable to Information Exposure due to a flaw that allows one to log in without credentials after logging out, potentially causing sensitive data exposure.

How to fix Information Exposure?

Upgrade Weblate to version 4.18 or higher.

[,4.18)
  • M
Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the weblate/accounts/pipeline.py and weblate/accounts/views.py endpoints, due to missing rate limiting for the 'Remove Account' function.

Note:

This issue can lead to massive mailings.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade Weblate to version 4.14.2 or higher.

[,4.14.2)
Go back to all versions of this package