VYPR

PyPI package

django-basic-auth-ip-whitelist

pkg:pypi/django-basic-auth-ip-whitelist

Vulnerabilities (1)

  • CVE-2020-4071Jun 24, 2020
    affected < 0.3.4fixed 0.3.4

    In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones pro