{
    "action": "published",
    "security_advisory": {
      "ghsa_id": "GHSA-rf4j-j272-fj86",
      "summary": "Moderate severity vulnerability that affects django",
      "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
      "severity": "moderate",
      "identifiers": [
        {
          "value": "GHSA-rf4j-j272-fj86",
          "type": "GHSA"
        },
        {
          "value": "CVE-2018-6188",
          "type": "CVE"
        }
      ],
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
        }
      ],
      "published_at": "2018-10-03T21:13:54Z",
      "updated_at": "2018-10-03T21:13:54Z",
      "withdrawn_at": null,
      "vulnerabilities": [
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "moderate",
          "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
          "first_patched_version": {
            "identifier": "2.0.2"
          }
        },
        {
          "package": {
            "ecosystem": "pip",
            "name": "django"
          },
          "severity": "moderate",
          "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
          "first_patched_version": {
            "identifier": "1.11.10"
          }
        }
      ]
    }
  }