Search for packages
| purl | pkg:alpm/archlinux/python-django@2.1.2-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-w587-v6fz-aaaf | An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. |
CVE-2018-16984
GHSA-6mx3-3vqg-hpp2 PYSEC-2018-3 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:46:53.242071+00:00 | Arch Linux Importer | Fixing | VCID-w587-v6fz-aaaf | https://security.archlinux.org/AVG-773 | 36.0.0 |
| 2024-10-12T00:59:57.599632+00:00 | Arch Linux Importer | Fixing | VCID-w587-v6fz-aaaf | https://security.archlinux.org/AVG-773 | 34.0.2 |
| 2024-09-18T02:02:14.037434+00:00 | Arch Linux Importer | Fixing | VCID-w587-v6fz-aaaf | https://security.archlinux.org/AVG-773 | 34.0.1 |
| 2024-04-23T19:47:34.594744+00:00 | Arch Linux Importer | Fixing | VCID-w587-v6fz-aaaf | https://security.archlinux.org/AVG-773 | 34.0.0rc4 |
| 2024-01-03T22:28:16.284740+00:00 | Arch Linux Importer | Fixing | VCID-w587-v6fz-aaaf | https://security.archlinux.org/AVG-773 | 34.0.0rc1 |