Homepage

django-allauth@64.2.1 vulnerabilities

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

  • latest version

    65.7.0

  • latest non vulnerable version

    65.7.0

  • first published

    14 years ago

  • latest version published

    17 days ago

  • licenses detected

  • View django-allauth package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the django-allauth package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Timing Attack

    django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

    Affected versions of this package are vulnerable to Timing Attack in the AuthenticationBackend._authenticate_by_email method which allows attackers to determine the existence of user accounts by measuring response times during email/password authentication attempts.

    How to fix Timing Attack?

    Upgrade django-allauth to version 65.3.0 or higher.

    [,65.3.0)
    Go back to all versions of this package