py-django: Potential account hijack via password reset form (CVE-2019-19844)
ID: oval:org.secpod.oval:def:1801654 | Date: (C)2019-12-30 (M)2023-11-10 |
Class: PATCH | Family: unix |
By submitting a suitably crafted email address making use of Unicode characters that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.
Platform: |
Alpine Linux 3.10 |
Alpine Linux 3.11 |
Alpine Linux 3.8 |
Alpine Linux 3.9 |