generated from fastai/nbdev_template
-
Notifications
You must be signed in to change notification settings - Fork 57
/
security_advisory.json
51 lines (51 loc) · 1.46 KB
/
security_advisory.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
{
"action": "published",
"security_advisory": {
"ghsa_id": "GHSA-rf4j-j272-fj86",
"summary": "Moderate severity vulnerability that affects django",
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
"severity": "moderate",
"identifiers": [
{
"value": "GHSA-rf4j-j272-fj86",
"type": "GHSA"
},
{
"value": "CVE-2018-6188",
"type": "CVE"
}
],
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
}
],
"published_at": "2018-10-03T21:13:54Z",
"updated_at": "2018-10-03T21:13:54Z",
"withdrawn_at": null,
"vulnerabilities": [
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "moderate",
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
"first_patched_version": {
"identifier": "2.0.2"
}
},
{
"package": {
"ecosystem": "pip",
"name": "django"
},
"severity": "moderate",
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
"first_patched_version": {
"identifier": "1.11.10"
}
}
]
}
}