Oval Definition:oval:com.ubuntu.disco:def:2019198440000000
Revision Date:2019-12-18Version:1
Title:CVE-2019-19844 on Ubuntu 19.04 (disco) - high.
Description:Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-19844
Platform(s):Ubuntu 19.04
Product(s):
Definition Synopsis
  • Ubuntu 19.04 (disco) is installed.
  • AND python-django package in disco was vulnerable but has been fixed (note: '1:1.11.20-1ubuntu0.3').
  • BACK