发布于3月6日3月6日 Members FreeBSD: VID-171AFA61-3EBA-11EF-A58F-080027836E8B (CVE-2024-39329): Django -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/01/2024 Created 07/12/2024 Added 07/10/2024 Modified 07/10/2024 Description An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. Solution(s) freebsd-upgrade-package-py310-django42 freebsd-upgrade-package-py310-django50 freebsd-upgrade-package-py311-django42 freebsd-upgrade-package-py311-django50 freebsd-upgrade-package-py39-django42 References CVE-2024-39329
