External Control of System or Configuration Setting Affecting django-stubs package, versions [,5.2.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PYTHON-DJANGOSTUBS-12671219
- published15 Sept 2025
- disclosed1 May 2025
- creditUnknown
Introduced: 1 May 2025
CVE NOT AVAILABLE CWE-15 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade django-stubs to version 5.2.0 or higher.
Overview
django-stubs is a Mypy stubs for Django
Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the inclusion of type stubs for deprecated and insecure password hashers such as MD5PasswordHasher, SHA1PasswordHasher, and CryptPasswordHasher. Their presence in type hints may inadvertently promote their use in Django applications, leading to the storage of passwords using weak hashing algorithms. This can make user credentials susceptible to brute-force or dictionary attacks.