Search for packages
Package details: pkg:alpm/archlinux/python-django@2.1.1-1
purl pkg:alpm/archlinux/python-django@2.1.1-1
Next non-vulnerable version 2.1.2-1
Latest non-vulnerable version 5.1.11-1
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-w587-v6fz-aaaf
Aliases:
CVE-2018-16984
GHSA-6mx3-3vqg-hpp2
PYSEC-2018-3
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
2.1.2-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:46:53.237176+00:00 Arch Linux Importer Affected by VCID-w587-v6fz-aaaf https://security.archlinux.org/AVG-773 36.0.0
2024-10-12T00:59:57.594427+00:00 Arch Linux Importer Affected by VCID-w587-v6fz-aaaf https://security.archlinux.org/AVG-773 34.0.2
2024-09-18T02:02:14.032388+00:00 Arch Linux Importer Affected by VCID-w587-v6fz-aaaf https://security.archlinux.org/AVG-773 34.0.1
2024-04-23T19:47:34.589896+00:00 Arch Linux Importer Affected by VCID-w587-v6fz-aaaf https://security.archlinux.org/AVG-773 34.0.0rc4
2024-01-03T22:28:16.280070+00:00 Arch Linux Importer Affected by VCID-w587-v6fz-aaaf https://security.archlinux.org/AVG-773 34.0.0rc1