Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next 2025-01-23T00:23:05+00:00 2025-01-23T00:23:05+00:00 Soumya Sambu soumya.sambu@windriver.com 2025-01-10T13:18:01+00:00 urn:sha1:be168328f84eef8007cc8e3f9c2e08c59b036b9d An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45231 Upstream-patch: https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>