Source: django-allauth Version: 65.0.2-2 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for django-allauth. CVE-2026-27982[0]: | An open redirect vulnerability exists in django-allauth versions | prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is | disabled by default), which may allow an attacker to redirect users | to an arbitrary external website via a crafted URL. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-27982 https://www.cve.org/CVERecord?id=CVE-2026-27982 [1] https://allauth.org/news/2026/02/django-allauth-65.14.1-released/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
