Security Advisories

CVE-2024-39329

Published

Last updated

https://nvd.nist.gov/vuln/detail/CVE-2024-39329

Severity

5.3

Medium

CVSS V3

Summary

Django vulnerable to user enumeration attack

Description

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

References

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-39329

Severity

Summary

Description

References

Affected packages

Product

Why Chainguard

Why Chainguard

Customers

Customers

Company

Company

Resources

Resources