Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
djoser 安全漏洞
Vulnerability Description
djoser是Sunscrapers开源的一个 Django 身份验证系统的 REST 实现。 djoser 2.3.0之前版本存在安全漏洞,该漏洞源于系统会直接查询数据库,向具有有效凭据的用户授予访问权限,容易受到身份验证绕过攻击。
CVSS Information
N/A
Vulnerability Type
N/A