PYSEC-2018-4

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2018-4.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2018-4
Aliases
Published
2018-02-05T03:29:00Z
Modified
2023-11-01T04:49:32.382565Z
Summary
[none]
Details

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed() method, as demonstrated by discovering whether a user account is inactive.

References

Affected packages

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0
Fixed
2.0.2

Affected versions

2.*

2.0
2.0.1