UbuntuUpdates.org

Package "djoser"

Name: djoser

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • REST implementation of Django authentication system (Python3 version)

Latest version: 2.1.0-1ubuntu0.24.10.1
Release: oracular (24.10)
Level: updates
Repository: universe

Links



Other versions of "djoser" in Oracular

Repository Area Version
base universe 2.1.0-1
security universe 2.1.0-1ubuntu0.24.10.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.1.0-1ubuntu0.24.10.1 2025-03-17 23:06:51 UTC

  djoser (2.1.0-1ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Authentication fallback bypasses custom validations
    - debian/patches/CVE-2024-21543.patch: rollback commit
      8f65bfff16577c7fb0f52bbabf5fb69f6809ba62, reverts the changes to
      /djoser/serializers.py that introduced the vulnerability
    - CVE-2024-21543

 -- Elise Hlady <email address hidden> Tue, 04 Mar 2025 14:10:00 -0800

CVE-2024-21543 Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the syste



About   -   Send Feedback to @ubuntu_updates