Wind River Support Network

HomeDefectsLIN1022-10707
Fixed

LIN1022-10707 : Security Advisory - python-django - CVE-2024-45231

Created: Sep 3, 2024    Updated: Jun 3, 2025
Resolved Date: May 28, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.21
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

https://nvd.nist.gov/vuln/detail/CVE-2024-45231

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube