python3-django: Fix CVE-2024-45231 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2025-01-10 13:18:01 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:23:05 -0500
commit	be168328f84eef8007cc8e3f9c2e08c59b036b9d (patch)
tree	cea2269af70b9df62b92638e69530599210d65eb /meta-python/recipes-devtools/python/python3-django/CVE-2024-53907.patch
parent	b4feba446d7a8f8232528c4b2ee936e5b98ced3d (diff)
download	meta-openembedded-be168328f84eef8007cc8e3f9c2e08c59b036b9d.tar.gz

python3-django: Fix CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45231 Upstream-patch: https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django/CVE-2024-53907.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: