angler-fishThe Vulnerability History Project

Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header.

      Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
by Carole the Kinkajou 2017-01-13 14:17:54 UTC
commit ede59ef6f39ff8a6443c2b24df0208ef6ec41ee0
Django VCC CVE-2018-16984
AUTHORS
-1
django/contrib/auth/tokens.py
-2
django/contrib/auth/views.py
+6 -25
docs/releases/1.11.txt
-8
tests/auth_tests/client.py
-41
tests/auth_tests/test_templates.py
+3 -10
tests/auth_tests/test_tokens.py
-7
tests/auth_tests/test_views.py
+2 -29
expand_less