Unknown · Django-Rest-Registration · CVE-2021-21416
**Name of the Vulnerable Software and Affected Versions**
django-registration versions prior to 3.1.2
**Description**
The django-registration package has an issue where the base user-account registration view does not properly apply filters to sensitive data. This can result in sensitive data being included in error reports rather than being removed automatically by Django. For this to occur, a site must be using django-registration prior to 3.1.2, have detailed error reports enabled, and experience a server-side error during an account registration attempt. Under these conditions, recipients of the detailed error report may see all submitted data, including the user's proposed credentials, such as a password.
**Recommendations**
For django-registration versions prior to 3.1.2, update to version 3.1.2 or later, which properly applies Django's `sensitive_post_parameters()` decorator to the base user-registration view.
As a temporary workaround, users who cannot upgrade quickly can apply the `django.views.decorators.debug.sensitive_post_parameters()` decorator to their own registration views by using Django's `method_decorator()` helper on the `dispatch()` method of the appropriate `RegistrationView` class.
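To find deployments that still need the upgrade or the workaround, the following added example (not part of the advisory or of django-registration) audits requirement lines for pins older than 3.1.2. The sample lines, the `[extra]` name and the function names are constructed for illustration; anything without an exact numeric `==` pin is reported for manual review.

```python
import re

FIXED = (3, 1, 2)  # first fixed release named in the advisory
PACKAGE = "django-registration"
# name, optional extras, then the specifier up to a marker (';') or comment ('#')
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def normalize(name):
    """PEP 503 normalization, so django_registration matches Django-Registration."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """'3.1' -> (3, 1, 0); None for pre-release or other non-numeric versions."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", version):
        return None
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (len(FIXED) - len(parts))

def audit(lines):
    """Return (line_no, 'affected' | 'fixed' | 'review') per matching requirement."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = _REQ.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        pin = re.fullmatch(r"===?\s*([^\s,*]+)", m.group(2).strip())
        rel = release_tuple(pin.group(1)) if pin else None
        status = "review" if rel is None else ("affected" if rel < FIXED else "fixed")
        findings.append((no, status))
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE = [
    "# web tier",
    "Django==3.1.7",
    "django_registration==3.1.1  # pinned last year",
    "django-registration==3.1.2",
    "Django-Registration>=3.0",
    "django-registration[extra]==3.1 ; python_version >= '3.6'",
]

if __name__ == "__main__":
    for no, status in audit(SAMPLE):
        print(f"line {no}: {status}")
```

A `review` result means the file alone does not determine the installed version, so check the environment itself before deciding whether the workaround is needed.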