exploitDog

CVE-2019-19844

Published: 18 Dec 2019
Source: ubuntu
Priority: high
EPSS: Medium
CVSS2: 5
CVSS3: 9.8

Description

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)

Release                  Status         Note
bionic                   released       1:1.11.11-1ubuntu1.6
devel                    released       2:2.2.9-2ubuntu1
disco                    released       1:1.11.20-1ubuntu0.3
eoan                     released       1:1.11.22-1ubuntu1.1
esm-infra-legacy/trusty  not-affected   1.6.11-0ubuntu1.3+esm7
esm-infra/bionic         not-affected   1:1.11.11-1ubuntu1.6
esm-infra/focal          not-affected   2:2.2.9-2ubuntu1
esm-infra/xenial         not-affected   1.8.7-1ubuntu5.11
focal                    released       2:2.2.9-2ubuntu1
jammy                    released       2:2.2.9-2ubuntu1


EPSS: 0.12612 (percentile: 94%), Medium
CVSS2: 5 Medium
CVSS3: 9.8 Critical

Related vulnerabilities

CVSS3: 9.8
redhat
more than 5 years ago

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)

CVSS3: 9.8
nvd
more than 5 years ago

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)

CVSS3: 9.8
debian
more than 5 years ago

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows a ...

CVSS3: 9.8
github
more than 5 years ago

Django Potential account hijack via password reset form

CVSS3: 7.5
fstec
more than 5 years ago

A vulnerability in the Django web application framework, related to an error in the password recovery mechanism, that allows an attacker to affect data integrity.
