HIGH 7.1

PYSEC-2025-187

Details

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / taguette

Introduced in: 0 Fixed in: 1.5.1

Fix pip install --upgrade 'taguette>=1.5.1'

References

https://github.com/remram44/taguette/security/advisories/GHSA-7rc8-5c8q-jr6j [REPORT]
https://gitlab.com/remram44/taguette/-/issues/331 [REPORT]