weblate@4.6.1 vulnerabilities

A web-based continuous localization system with tight version control integration

Known vulnerabilities in the weblate package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Information Exposure Affected versions of this package are vulnerable to Information Exposure due to a flaw that allows one to log in without credentials after logging out, potentially causing sensitive data exposure. How to fix Information Exposure? Upgrade `Weblate` to version 4.18 or higher.	[,4.18)
M Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `weblate/accounts/pipeline.py` and `weblate/accounts/views.py` endpoints, due to missing rate limiting for the 'Remove Account' function. Note: This issue can lead to massive mailings. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `Weblate` to version 4.14.2 or higher.	[,4.14.2)
H Remote Code Execution (RCE) Affected versions of this package are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution. How to fix Remote Code Execution (RCE)? Upgrade `Weblate` to version 4.11.1 or higher.	[0,4.11.1)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via crafted user and language names. How to fix Cross-site Scripting (XSS)? Upgrade `Weblate` to version 4.11 or higher.	[,4.11)