Update App Store: Django account hijacking vulnerability
Medium
Vulnerability Details
High Severity Framework Security Fix
## Impact
There's a nasty bug that allows accounts to be hijacked. Attackers still can't distribute archives since they are signed but can hijack admin accounts and swap out packages in the admin panel. I've updated the deps; tests work fine locally, but you should check just to be sure and deploy the latest master branch ASAP.
Report Stats
- Report ID: 761329
- State: Closed
- Substate: resolved
- Upvotes: 11