CNNVD-202512-2704 Information

CNNVD ID

CNNVD-202512-2704

Related CVE

CVE-2025-65431

• CNNVD Published: 2025-12-15

Description (Chinese)

allauth-django是allauth开源的一个身份验证应用。 allauth-django 65.13.0之前版本存在安全漏洞，该漏洞源于Okta和NetIQ使用preferred_username作为第三方提供商帐户的标识符，可能导致授权决策不当。

Description (English)

Allauth-django is an identification application for allauth open sources. Allauth-django 65.13.0 has a security loophole from Okta and NetIQ using preferred username as the identifier for third-party provider accounts, which may lead to improper decision-making.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

allauth

Published

2025-12-15

Last Modified

2026-02-24

References

https://allauth.org/news/2025/10/django-allauth-65.13.0-released/

Patch

https://allauth.org/news/2025/11/django-allauth-65.13.1-released/