Search for packages
| purl | pkg:alpm/archlinux/python-django@2.2.9-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8jaq-53td-wbeg | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
CVE-2019-19844
GHSA-vfq6-hq5r-27r6 PYSEC-2019-16 |
| VCID-c2kc-1jh1-j3ha | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) |
CVE-2019-19118
GHSA-hvmf-r92r-27hr PYSEC-2019-15 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:27:20.726963+00:00 | Arch Linux Importer | Fixing | VCID-c2kc-1jh1-j3ha | https://security.archlinux.org/AVG-1070 | 38.0.0 |
| 2026-04-01T18:25:52.629807+00:00 | Arch Linux Importer | Fixing | VCID-8jaq-53td-wbeg | https://security.archlinux.org/AVG-1080 | 38.0.0 |