Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@1.11.4
Type pypi
Namespace
Name django
Version 1.11.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.11.19
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-322v-ntsv-7uge
vulnerability_id VCID-322v-ntsv-7uge
summary django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0265
1
reference_url https://github.com/advisories/GHSA-5hg3-6c2f-f3wr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5hg3-6c2f-f3wr
2
reference_url https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
reference_id
reference_type
scores
url https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
3
reference_url https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
reference_id
reference_type
scores
url https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
4
reference_url https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
reference_id
reference_type
scores
url https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
6
reference_url https://usn.ubuntu.com/3726-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3726-1
7
reference_url https://usn.ubuntu.com/3726-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3726-1/
8
reference_url https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
reference_id
reference_type
scores
url https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
9
reference_url https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
reference_id
reference_type
scores
url https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
10
reference_url https://www.debian.org/security/2018/dsa-4264
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4264
11
reference_url https://www.djangoproject.com/weblog/2018/aug/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/aug/01/security-releases
12
reference_url https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
13
reference_url http://www.securityfocus.com/bid/104970
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104970
14
reference_url http://www.securitytracker.com/id/1041403
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041403
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14574
reference_id CVE-2018-14574
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14574
fixed_packages
0
url pkg:pypi/django@1.11.15
purl pkg:pypi/django@1.11.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-5q58-pzt4-8uey
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c3m7-fu62-2qd9
4
vulnerability VCID-f1br-hvnm-wfdg
5
vulnerability VCID-g44a-m54u-97cr
6
vulnerability VCID-gfar-wbzc-3ubr
7
vulnerability VCID-kbab-v2gz-dfe6
8
vulnerability VCID-m4wa-xv9b-q7ce
9
vulnerability VCID-t952-ghnf-jkby
10
vulnerability VCID-vdpf-jddk-syda
11
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.15
1
url pkg:pypi/django@2.0.8
purl pkg:pypi/django@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-f1br-hvnm-wfdg
2
vulnerability VCID-t952-ghnf-jkby
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.8
aliases CVE-2018-14574, GHSA-5hg3-6c2f-f3wr, PYSEC-2018-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-322v-ntsv-7uge
1
url VCID-3mfy-uj9u-d7de
vulnerability_id VCID-3mfy-uj9u-d7de
summary silent downgrade
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
5
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
6
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
7
reference_url https://github.com/advisories/GHSA-6c7v-2f49-8h26
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6c7v-2f49-8h26
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
10
reference_url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
13
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jul/10
14
reference_url https://security.netapp.com/advisory/ntap-20190705-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190705-0002
15
reference_url https://security.netapp.com/advisory/ntap-20190705-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190705-0002/
16
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1
17
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
18
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4476
19
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
20
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
21
reference_url http://www.openwall.com/lists/oss-security/2019/07/01/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/07/01/3
22
reference_url http://www.securityfocus.com/bid/109018
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/109018
23
reference_url https://security.archlinux.org/ASA-201907-2
reference_id ASA-201907-2
reference_type
scores
url https://security.archlinux.org/ASA-201907-2
24
reference_url https://security.archlinux.org/AVG-1000
reference_id AVG-1000
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1000
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
reference_id CVE-2019-12781
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
fixed_packages
0
url pkg:pypi/django@1.11.22
purl pkg:pypi/django@1.11.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-m4wa-xv9b-q7ce
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22
1
url pkg:pypi/django@2.1.10
purl pkg:pypi/django@2.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-c3m7-fu62-2qd9
2
vulnerability VCID-g44a-m54u-97cr
3
vulnerability VCID-gfar-wbzc-3ubr
4
vulnerability VCID-pgtx-cdua-kfb4
5
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10
2
url pkg:pypi/django@2.2.3
purl pkg:pypi/django@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-c3m7-fu62-2qd9
8
vulnerability VCID-drwp-htkk-bkfh
9
vulnerability VCID-fhp8-tck4-mye4
10
vulnerability VCID-fksk-pr23-2yd8
11
vulnerability VCID-g44a-m54u-97cr
12
vulnerability VCID-gfar-wbzc-3ubr
13
vulnerability VCID-hh9b-52xn-z7a9
14
vulnerability VCID-j81e-su1y-tqa6
15
vulnerability VCID-m4wa-xv9b-q7ce
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-na9w-xkvx-cbhd
18
vulnerability VCID-nss9-1yrb-x7f2
19
vulnerability VCID-pgtx-cdua-kfb4
20
vulnerability VCID-q8r2-m9s6-rbek
21
vulnerability VCID-qvfs-2v1h-p3h4
22
vulnerability VCID-u9q1-63gf-7feh
23
vulnerability VCID-vdpf-jddk-syda
24
vulnerability VCID-yreb-z7nz-jkbs
25
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3
aliases CVE-2019-12781, GHSA-6c7v-2f49-8h26, PYSEC-2019-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3mfy-uj9u-d7de
2
url VCID-5q58-pzt4-8uey
vulnerability_id VCID-5q58-pzt4-8uey
summary Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
references
0
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
1
reference_url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
2
reference_url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
reference_id
reference_type
scores
url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
3
reference_url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
5
reference_url https://seclists.org/bugtraq/2020/Feb/30
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Feb/30
6
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
7
reference_url https://security.netapp.com/advisory/ntap-20200221-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200221-0006/
8
reference_url https://usn.ubuntu.com/4264-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4264-1/
9
reference_url https://www.debian.org/security/2020/dsa-4629
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4629
10
reference_url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
11
reference_url https://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2020/02/03/1
12
reference_url http://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2020/02/03/1
fixed_packages
0
url pkg:pypi/django@1.11.28
purl pkg:pypi/django@1.11.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.28
1
url pkg:pypi/django@2.2.10
purl pkg:pypi/django@2.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-6jpg-yrf8-cufy
3
vulnerability VCID-9end-mq19-rke5
4
vulnerability VCID-9mpt-zxaw-kkeg
5
vulnerability VCID-attf-6gj8-ebaj
6
vulnerability VCID-drwp-htkk-bkfh
7
vulnerability VCID-fhp8-tck4-mye4
8
vulnerability VCID-fksk-pr23-2yd8
9
vulnerability VCID-hh9b-52xn-z7a9
10
vulnerability VCID-j81e-su1y-tqa6
11
vulnerability VCID-m4wa-xv9b-q7ce
12
vulnerability VCID-n9vn-4uxr-hkau
13
vulnerability VCID-na9w-xkvx-cbhd
14
vulnerability VCID-nss9-1yrb-x7f2
15
vulnerability VCID-q8r2-m9s6-rbek
16
vulnerability VCID-qvfs-2v1h-p3h4
17
vulnerability VCID-u9q1-63gf-7feh
18
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10
2
url pkg:pypi/django@3.0.3
purl pkg:pypi/django@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-fhp8-tck4-mye4
3
vulnerability VCID-hh9b-52xn-z7a9
4
vulnerability VCID-m4wa-xv9b-q7ce
5
vulnerability VCID-na9w-xkvx-cbhd
6
vulnerability VCID-q8r2-m9s6-rbek
7
vulnerability VCID-qvfs-2v1h-p3h4
8
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3
aliases CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q58-pzt4-8uey
3
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
4
url VCID-c3m7-fu62-2qd9
vulnerability_id VCID-c3m7-fu62-2qd9
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
4
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
6
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
9
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
10
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-pgtx-cdua-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-pgtx-cdua-kfb4
17
vulnerability VCID-q8r2-m9s6-rbek
18
vulnerability VCID-qvfs-2v1h-p3h4
19
vulnerability VCID-u9q1-63gf-7feh
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3m7-fu62-2qd9
5
url VCID-c58g-7jpv-t7hc
vulnerability_id VCID-c58g-7jpv-t7hc
summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/errata/RHSA-2019:0051
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0051
2
reference_url https://access.redhat.com/errata/RHSA-2019:0082
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0082
3
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0265
4
reference_url https://github.com/advisories/GHSA-r28v-mw67-m5p9
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-r28v-mw67-m5p9
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
reference_id
reference_type
scores
url https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
7
reference_url https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
reference_id
reference_type
scores
url https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
8
reference_url https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
reference_id
reference_type
scores
url https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
11
reference_url https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1
12
reference_url https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1/
13
reference_url https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
14
reference_url https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4161
15
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
16
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
17
reference_url http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103361
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7536
reference_id CVE-2018-7536
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-7536
fixed_packages
0
url pkg:pypi/django@1.11.11
purl pkg:pypi/django@1.11.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-322v-ntsv-7uge
1
vulnerability VCID-3mfy-uj9u-d7de
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c3m7-fu62-2qd9
5
vulnerability VCID-f1br-hvnm-wfdg
6
vulnerability VCID-g44a-m54u-97cr
7
vulnerability VCID-gfar-wbzc-3ubr
8
vulnerability VCID-kbab-v2gz-dfe6
9
vulnerability VCID-m4wa-xv9b-q7ce
10
vulnerability VCID-t952-ghnf-jkby
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11
1
url pkg:pypi/django@2.0.3
purl pkg:pypi/django@2.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-322v-ntsv-7uge
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-f1br-hvnm-wfdg
3
vulnerability VCID-t952-ghnf-jkby
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3
aliases CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c58g-7jpv-t7hc
6
url VCID-f1br-hvnm-wfdg
vulnerability_id VCID-f1br-hvnm-wfdg
summary In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/advisories/GHSA-337x-4q8g-prc5
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-337x-4q8g-prc5
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml
5
reference_url https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
6
reference_url https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
9
reference_url https://usn.ubuntu.com/3851-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3851-1
10
reference_url https://usn.ubuntu.com/3851-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3851-1/
11
reference_url https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453
reference_id
reference_type
scores
url https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453
12
reference_url https://www.debian.org/security/2019/dsa-4363
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4363
13
reference_url https://www.djangoproject.com/weblog/2019/jan/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jan/04/security-releases
14
reference_url https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
15
reference_url http://www.securityfocus.com/bid/106453
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106453
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3498
reference_id CVE-2019-3498
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3498
fixed_packages
0
url pkg:pypi/django@1.11.18
purl pkg:pypi/django@1.11.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-5q58-pzt4-8uey
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c3m7-fu62-2qd9
4
vulnerability VCID-g44a-m54u-97cr
5
vulnerability VCID-gfar-wbzc-3ubr
6
vulnerability VCID-kbab-v2gz-dfe6
7
vulnerability VCID-m4wa-xv9b-q7ce
8
vulnerability VCID-t952-ghnf-jkby
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18
1
url pkg:pypi/django@2.0.10
purl pkg:pypi/django@2.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-t952-ghnf-jkby
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10
2
url pkg:pypi/django@2.1.5
purl pkg:pypi/django@2.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-kbab-v2gz-dfe6
6
vulnerability VCID-pgtx-cdua-kfb4
7
vulnerability VCID-t952-ghnf-jkby
8
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5
aliases CVE-2019-3498, GHSA-337x-4q8g-prc5, PYSEC-2019-17
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1br-hvnm-wfdg
7
url VCID-g44a-m54u-97cr
vulnerability_id VCID-g44a-m54u-97cr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
4
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
6
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
9
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
10
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-pgtx-cdua-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-pgtx-cdua-kfb4
17
vulnerability VCID-q8r2-m9s6-rbek
18
vulnerability VCID-qvfs-2v1h-p3h4
19
vulnerability VCID-u9q1-63gf-7feh
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g44a-m54u-97cr
8
url VCID-gfar-wbzc-3ubr
vulnerability_id VCID-gfar-wbzc-3ubr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
4
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
6
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
9
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
10
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-pgtx-cdua-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-pgtx-cdua-kfb4
17
vulnerability VCID-q8r2-m9s6-rbek
18
vulnerability VCID-qvfs-2v1h-p3h4
19
vulnerability VCID-u9q1-63gf-7feh
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfar-wbzc-3ubr
9
url VCID-hpj4-a9fa-4bca
vulnerability_id VCID-hpj4-a9fa-4bca
summary In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
references
0
reference_url https://github.com/advisories/GHSA-9r8w-6x8c-6jr9
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9r8w-6x8c-6jr9
1
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
2
reference_url https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a
reference_id
reference_type
scores
url https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a
3
reference_url https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc
reference_id
reference_type
scores
url https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml
5
reference_url https://usn.ubuntu.com/3559-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3559-1
6
reference_url https://usn.ubuntu.com/3559-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3559-1/
7
reference_url https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264
reference_id
reference_type
scores
url https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264
8
reference_url https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643
reference_id
reference_type
scores
url https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643
9
reference_url https://www.djangoproject.com/weblog/2017/sep/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/sep/05/security-releases
10
reference_url https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
11
reference_url http://www.securityfocus.com/bid/100643
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100643
12
reference_url http://www.securitytracker.com/id/1039264
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039264
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12794
reference_id CVE-2017-12794
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12794
fixed_packages
0
url pkg:pypi/django@1.11.5
purl pkg:pypi/django@1.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-322v-ntsv-7uge
1
vulnerability VCID-3mfy-uj9u-d7de
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c3m7-fu62-2qd9
5
vulnerability VCID-c58g-7jpv-t7hc
6
vulnerability VCID-f1br-hvnm-wfdg
7
vulnerability VCID-g44a-m54u-97cr
8
vulnerability VCID-gfar-wbzc-3ubr
9
vulnerability VCID-kbab-v2gz-dfe6
10
vulnerability VCID-m4wa-xv9b-q7ce
11
vulnerability VCID-t952-ghnf-jkby
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-x61x-6b6k-h3bn
14
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.5
aliases CVE-2017-12794, GHSA-9r8w-6x8c-6jr9, PYSEC-2017-44
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpj4-a9fa-4bca
10
url VCID-kbab-v2gz-dfe6
vulnerability_id VCID-kbab-v2gz-dfe6
summary An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/1.11.21
3
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/1.11.21/
4
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.1.9
5
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.1.9/
6
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.2.2
7
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.2.2/
8
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
9
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
10
reference_url https://github.com/advisories/GHSA-7rp2-fm2h-wchj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7rp2-fm2h-wchj
11
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
12
reference_url https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
reference_id
reference_type
scores
url https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
13
reference_url https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
reference_id
reference_type
scores
url https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
14
reference_url https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
reference_id
reference_type
scores
url https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
15
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
16
reference_url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
17
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
18
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
21
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jul/10
22
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
23
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1
24
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
25
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4476
26
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
27
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
28
reference_url http://www.openwall.com/lists/oss-security/2019/06/03/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/06/03/2
29
reference_url http://www.securityfocus.com/bid/108559
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108559
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12308
reference_id CVE-2019-12308
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-12308
fixed_packages
0
url pkg:pypi/django@1.11.21
purl pkg:pypi/django@1.11.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-5q58-pzt4-8uey
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c3m7-fu62-2qd9
4
vulnerability VCID-g44a-m54u-97cr
5
vulnerability VCID-gfar-wbzc-3ubr
6
vulnerability VCID-m4wa-xv9b-q7ce
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21
1
url pkg:pypi/django@2.1.9
purl pkg:pypi/django@2.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-pgtx-cdua-kfb4
6
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9
2
url pkg:pypi/django@2.2.2
purl pkg:pypi/django@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-4cp2-k4mn-8ffj
2
vulnerability VCID-51tx-4tp9-kbcz
3
vulnerability VCID-5q58-pzt4-8uey
4
vulnerability VCID-6jpg-yrf8-cufy
5
vulnerability VCID-9end-mq19-rke5
6
vulnerability VCID-9mpt-zxaw-kkeg
7
vulnerability VCID-attf-6gj8-ebaj
8
vulnerability VCID-c3m7-fu62-2qd9
9
vulnerability VCID-drwp-htkk-bkfh
10
vulnerability VCID-fhp8-tck4-mye4
11
vulnerability VCID-fksk-pr23-2yd8
12
vulnerability VCID-g44a-m54u-97cr
13
vulnerability VCID-gfar-wbzc-3ubr
14
vulnerability VCID-hh9b-52xn-z7a9
15
vulnerability VCID-j81e-su1y-tqa6
16
vulnerability VCID-m4wa-xv9b-q7ce
17
vulnerability VCID-n9vn-4uxr-hkau
18
vulnerability VCID-na9w-xkvx-cbhd
19
vulnerability VCID-nss9-1yrb-x7f2
20
vulnerability VCID-pgtx-cdua-kfb4
21
vulnerability VCID-q8r2-m9s6-rbek
22
vulnerability VCID-qvfs-2v1h-p3h4
23
vulnerability VCID-u9q1-63gf-7feh
24
vulnerability VCID-vdpf-jddk-syda
25
vulnerability VCID-yreb-z7nz-jkbs
26
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2
aliases CVE-2019-12308, GHSA-7rp2-fm2h-wchj, PYSEC-2019-79
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kbab-v2gz-dfe6
11
url VCID-m4wa-xv9b-q7ce
vulnerability_id VCID-m4wa-xv9b-q7ce
summary Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
references
0
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/3.0/releases/security/
1
reference_url https://github.com/advisories/GHSA-3gh2-xw74-jmcw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3gh2-xw74-jmcw
2
reference_url https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY
3
reference_url https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
4
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
8
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://security.gentoo.org/glsa/202004-17
9
reference_url https://security.netapp.com/advisory/ntap-20200327-0004/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://security.netapp.com/advisory/ntap-20200327-0004/
10
reference_url https://usn.ubuntu.com/4296-1/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://usn.ubuntu.com/4296-1/
11
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://www.debian.org/security/2020/dsa-4705
12
reference_url https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.29
purl pkg:pypi/django@1.11.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.29
1
url pkg:pypi/django@2.2.11
purl pkg:pypi/django@2.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-6jpg-yrf8-cufy
3
vulnerability VCID-9end-mq19-rke5
4
vulnerability VCID-9mpt-zxaw-kkeg
5
vulnerability VCID-attf-6gj8-ebaj
6
vulnerability VCID-drwp-htkk-bkfh
7
vulnerability VCID-fhp8-tck4-mye4
8
vulnerability VCID-fksk-pr23-2yd8
9
vulnerability VCID-hh9b-52xn-z7a9
10
vulnerability VCID-j81e-su1y-tqa6
11
vulnerability VCID-n9vn-4uxr-hkau
12
vulnerability VCID-na9w-xkvx-cbhd
13
vulnerability VCID-nss9-1yrb-x7f2
14
vulnerability VCID-q8r2-m9s6-rbek
15
vulnerability VCID-qvfs-2v1h-p3h4
16
vulnerability VCID-u9q1-63gf-7feh
17
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11
2
url pkg:pypi/django@3.0.4
purl pkg:pypi/django@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-fhp8-tck4-mye4
3
vulnerability VCID-hh9b-52xn-z7a9
4
vulnerability VCID-na9w-xkvx-cbhd
5
vulnerability VCID-q8r2-m9s6-rbek
6
vulnerability VCID-qvfs-2v1h-p3h4
7
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4
aliases CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-345, PYSEC-2020-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4wa-xv9b-q7ce
12
url VCID-t952-ghnf-jkby
vulnerability_id VCID-t952-ghnf-jkby
summary Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/advisories/GHSA-wh4h-v3f2-r2pp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-wh4h-v3f2-r2pp
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227
reference_id
reference_type
scores
url https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227
5
reference_url https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676
reference_id
reference_type
scores
url https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676
6
reference_url https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3
reference_id
reference_type
scores
url https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml
8
reference_url https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
13
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jul/10
14
reference_url https://usn.ubuntu.com/3890-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3890-1
15
reference_url https://usn.ubuntu.com/3890-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3890-1/
16
reference_url https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964
reference_id
reference_type
scores
url https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964
17
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4476
18
reference_url https://www.djangoproject.com/weblog/2019/feb/11/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/feb/11/security-releases
19
reference_url https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
20
reference_url https://www.openwall.com/lists/oss-security/2019/02/11/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2019/02/11/1
21
reference_url http://www.securityfocus.com/bid/106964
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106964
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6975
reference_id CVE-2019-6975
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-6975
fixed_packages
0
url pkg:pypi/django@1.11.19
purl pkg:pypi/django@1.11.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.19
1
url pkg:pypi/django@2.0.11
purl pkg:pypi/django@2.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.11
2
url pkg:pypi/django@2.0.12
purl pkg:pypi/django@2.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.12
3
url pkg:pypi/django@2.1.6
purl pkg:pypi/django@2.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.6
4
url pkg:pypi/django@2.1.7
purl pkg:pypi/django@2.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-kbab-v2gz-dfe6
6
vulnerability VCID-pgtx-cdua-kfb4
7
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7
aliases CVE-2019-6975, GHSA-wh4h-v3f2-r2pp, PYSEC-2019-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t952-ghnf-jkby
13
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
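summary Insufficient validation in Django's password reset flow, allowing account hijack (CVE-2019-19844); fixed in 1.11.27 and 2.2.9 per the fixed_packages listed below.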
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
4
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
6
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/9
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
9
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
10
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4598
11
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
12
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
14
url VCID-x61x-6b6k-h3bn
vulnerability_id VCID-x61x-6b6k-h3bn
summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0265
2
reference_url https://github.com/advisories/GHSA-2f9x-5v75-3qv4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2f9x-5v75-3qv4
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c
reference_id
reference_type
scores
url https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c
5
reference_url https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
reference_id
reference_type
scores
url https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
6
reference_url https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa
reference_id
reference_type
scores
url https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
9
reference_url https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1
10
reference_url https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1/
11
reference_url https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4161
12
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
13
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
14
reference_url http://www.securityfocus.com/bid/103357
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103357
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7537
reference_id CVE-2018-7537
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-7537
fixed_packages
0
url pkg:pypi/django@1.11.11
purl pkg:pypi/django@1.11.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-322v-ntsv-7uge
1
vulnerability VCID-3mfy-uj9u-d7de
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c3m7-fu62-2qd9
5
vulnerability VCID-f1br-hvnm-wfdg
6
vulnerability VCID-g44a-m54u-97cr
7
vulnerability VCID-gfar-wbzc-3ubr
8
vulnerability VCID-kbab-v2gz-dfe6
9
vulnerability VCID-m4wa-xv9b-q7ce
10
vulnerability VCID-t952-ghnf-jkby
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11
1
url pkg:pypi/django@2.0.3
purl pkg:pypi/django@2.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-322v-ntsv-7uge
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-f1br-hvnm-wfdg
3
vulnerability VCID-t952-ghnf-jkby
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3
aliases CVE-2018-7537, GHSA-2f9x-5v75-3qv4, PYSEC-2018-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x61x-6b6k-h3bn
15
url VCID-yreb-z7nz-jkbs
vulnerability_id VCID-yreb-z7nz-jkbs
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/advisories/GHSA-6r97-cj55-9hrq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6r97-cj55-9hrq
3
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
5
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
6
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
7
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
8
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
9
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.23
purl pkg:pypi/django@1.11.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23
1
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-pgtx-cdua-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
2
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-pgtx-cdua-kfb4
17
vulnerability VCID-q8r2-m9s6-rbek
18
vulnerability VCID-qvfs-2v1h-p3h4
19
vulnerability VCID-u9q1-63gf-7feh
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yreb-z7nz-jkbs
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.4