VulnerableCode Package Details - pkg:alpm/archlinux/python-django@2.2.9-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-pm6s-x7r5-aaak	Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)	CVE-2019-19844 GHSA-vfq6-hq5r-27r6 PYSEC-2019-16 PYSEC-2019-86
VCID-qs2z-b4r2-aaac	Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)	CVE-2019-19118 GHSA-hvmf-r92r-27hr PYSEC-2019-15 PYSEC-2019-85

Vulnerability

Summary

Aliases

VCID-pm6s-x7r5-aaak

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)

CVE-2019-19844
GHSA-vfq6-hq5r-27r6
PYSEC-2019-16
PYSEC-2019-86

VCID-qs2z-b4r2-aaac

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)

CVE-2019-19118
GHSA-hvmf-r92r-27hr
PYSEC-2019-15
PYSEC-2019-85

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:47:05.969262+00:00	Arch Linux Importer	Fixing	VCID-qs2z-b4r2-aaac	https://security.archlinux.org/AVG-1070	36.0.0
2025-03-28T07:45:53.532695+00:00	Arch Linux Importer	Fixing	VCID-pm6s-x7r5-aaak	https://security.archlinux.org/AVG-1080	36.0.0
2024-09-18T02:02:29.646855+00:00	Arch Linux Importer	Fixing	VCID-qs2z-b4r2-aaac	https://security.archlinux.org/AVG-1070	34.0.1
2024-09-18T02:00:56.037105+00:00	Arch Linux Importer	Fixing	VCID-pm6s-x7r5-aaak	https://security.archlinux.org/AVG-1080	34.0.1
2024-01-03T22:28:30.378627+00:00	Arch Linux Importer	Fixing	VCID-qs2z-b4r2-aaac	https://security.archlinux.org/AVG-1070	34.0.0rc1
2024-01-03T22:27:13.011210+00:00	Arch Linux Importer	Fixing	VCID-pm6s-x7r5-aaak	https://security.archlinux.org/AVG-1080	34.0.0rc1