CNNVD-202512-2707 Information

CNNVD ID

CNNVD-202512-2707

Related CVE

CVE-2025-65430

• CNNVD Published: 2025-12-15

Description (Chinese)

allauth-django是allauth开源的一个身份验证应用。 allauth-django 65.13.0之前版本存在安全漏洞，该漏洞源于将用户标记为is_active=False后仍接受该用户的令牌。

Description (English)

Allauth-django is an identification application for allauth open sources. Allauth-django 65.13.0 has a security loophole that results from the acceptance of the user ’ s token after marking the user as is active=False.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

allauth

Published

2025-12-15

Last Modified

2026-02-24

References

https://allauth.org/news/2025/10/django-allauth-65.13.0-released/

Patch

https://allauth.org/news/2025/11/django-allauth-65.13.1-released/