Search for packages
Package details: pkg:alpm/archlinux/python-django@2.2.6-1
purl pkg:alpm/archlinux/python-django@2.2.6-1
Next non-vulnerable version 2.2.9-1
Latest non-vulnerable version 5.1.11-1
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-pm6s-x7r5-aaak
Aliases:
CVE-2019-19844
GHSA-vfq6-hq5r-27r6
PYSEC-2019-16
PYSEC-2019-86
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
2.2.9-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:45:53.526922+00:00 Arch Linux Importer Affected by VCID-pm6s-x7r5-aaak https://security.archlinux.org/AVG-1080 36.0.0
2024-09-18T02:00:56.031800+00:00 Arch Linux Importer Affected by VCID-pm6s-x7r5-aaak https://security.archlinux.org/AVG-1080 34.0.1
2024-01-03T22:27:13.006462+00:00 Arch Linux Importer Affected by VCID-pm6s-x7r5-aaak https://security.archlinux.org/AVG-1080 34.0.0rc1