HIGH 7.1

PYSEC-2025-187

상세

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / taguette

최초 영향 버전: 0 수정 버전: 1.5.1

수정 pip install --upgrade 'taguette>=1.5.1'

참고

https://github.com/remram44/taguette/security/advisories/GHSA-7rc8-5c8q-jr6j [REPORT]
https://gitlab.com/remram44/taguette/-/issues/331 [REPORT]