oval:org.secpod.oval:def:61518
python-django: High-level Python web development framework. Django accounts could be hijacked through password reset requests.

oval:org.secpod.oval:def:61486
Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retr ...

oval:org.secpod.oval:def:117683
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

oval:org.secpod.oval:def:1801654
By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.

oval:org.secpod.oval:def:69935
Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retr ...

oval:org.secpod.oval:def:604666
Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially retr ...

oval:org.secpod.oval:def:705318
python-django: High-level Python web development framework. Django accounts could be hijacked through password reset requests.

oval:org.secpod.oval:def:2105460
Oracle Solaris 11 - (CVE-2019-12387)