Django Two-Factor Authentication是荷兰Bouke Haarsma软件开发者的一款双因素身份验证软件包。
Django Two-Factor Authentication 1.12之前版本中存在安全漏洞。攻击者可利用该漏洞获取敏感信息。
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf
来源:CONFIRM
链接:https://github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf
来源:MISC
链接:https://github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359
来源:MISC
链接:https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2020-15105