VulnerableCode Package Details - pkg:alpm/archlinux/python-django@2.1.1-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/python-django@2.1.1-1

Essentials
History (1)

purl	pkg:alpm/archlinux/python-django@2.1.1-1

Next non-vulnerable version	2.1.2-1
Latest non-vulnerable version	5.1.11-1
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-6hfy-2gcp-1uh4 Aliases: CVE-2018-16984 GHSA-6mx3-3vqg-hpp2 PYSEC-2018-3	An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.	2.1.2-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:27:04.071988+00:00	Arch Linux Importer	Affected by	VCID-6hfy-2gcp-1uh4	https://security.archlinux.org/AVG-773	38.0.0