| 0 |
| url |
VCID-2bh9-k4at-r7hz |
| vulnerability_id |
VCID-2bh9-k4at-r7hz |
| summary |
sql injection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://seclists.org/bugtraq/2020/Feb/30 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Feb/30 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4264-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4264-1 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.10 |
| purl |
pkg:pypi/django@2.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 4 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 5 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 6 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 7 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 8 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 9 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 10 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 11 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 12 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 13 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 14 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 15 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 16 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 17 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 18 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10 |
|
| 1 |
|
|
| aliases |
BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2bh9-k4at-r7hz |
|
| 1 |
| url |
VCID-2f2p-wfbs-73hz |
| vulnerability_id |
VCID-2f2p-wfbs-73hz |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.12 |
| purl |
pkg:pypi/django@3.2.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 1 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 2 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 3 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 4 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 5 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 6 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 7 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 8 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 9 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 10 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 11 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 12 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 13 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12 |
|
| 2 |
|
|
| aliases |
BIT-django-2022-23833, CVE-2022-23833, GHSA-6cw3-g6wv-c2xv, PYSEC-2022-20
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2f2p-wfbs-73hz |
|
| 2 |
| url |
VCID-3gvv-5jbs-cfc1 |
| vulnerability_id |
VCID-3gvv-5jbs-cfc1 |
| summary |
privilege escalation |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.8 |
| purl |
pkg:pypi/django@2.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 6 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 7 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 8 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 9 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 10 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 13 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 14 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 15 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 16 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 17 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 18 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 19 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 20 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 21 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.8 |
|
|
| aliases |
CVE-2019-19118, GHSA-hvmf-r92r-27hr, PYSEC-2019-15
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| url |
VCID-5a2y-2m62-1qfa |
| vulnerability_id |
VCID-5a2y-2m62-1qfa |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/4381-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-1 |
|
| 15 |
|
| 16 |
| reference_url |
https://usn.ubuntu.com/4381-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-2 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.13 |
| purl |
pkg:pypi/django@2.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 2 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 3 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 4 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 5 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 6 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 7 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 8 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 9 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 10 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 11 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 12 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 13 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 14 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 15 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.13 |
|
| 1 |
|
|
| aliases |
BIT-django-2020-13254, CVE-2020-13254, GHSA-wpjr-j57x-wxfw, PYSEC-2020-31
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5a2y-2m62-1qfa |
|
| 4 |
| url |
VCID-7b47-vsfh-y3gh |
| vulnerability_id |
VCID-7b47-vsfh-y3gh |
| summary |
sql injection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://usn.ubuntu.com/4296-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4296-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.11 |
| purl |
pkg:pypi/django@2.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 2 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 3 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 4 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 5 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 6 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 7 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 8 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 9 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 12 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 13 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 14 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 15 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 16 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 17 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11 |
|
| 1 |
|
|
| aliases |
BIT-django-2020-9402, CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-345, PYSEC-2020-36
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7b47-vsfh-y3gh |
|
| 5 |
| url |
VCID-81q1-gytk-2uaq |
| vulnerability_id |
VCID-81q1-gytk-2uaq |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-95rw-fx8r-36v6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-95rw-fx8r-36v6 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.12 |
| purl |
pkg:pypi/django@3.2.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 1 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 2 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 3 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 4 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 5 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 6 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 7 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 8 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 9 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 10 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 11 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 12 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 13 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12 |
|
| 2 |
|
|
| aliases |
BIT-django-2022-22818, CVE-2022-22818, GHSA-95rw-fx8r-36v6, PYSEC-2022-19
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-81q1-gytk-2uaq |
|
| 6 |
| url |
VCID-9hp4-hn21-zkg8 |
| vulnerability_id |
VCID-9hp4-hn21-zkg8 |
| summary |
directory traversal |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.18 |
| purl |
pkg:pypi/django@2.2.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 2 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 3 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 4 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 5 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 6 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 9 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 10 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 11 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 12 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.18 |
|
| 1 |
|
| 2 |
|
|
| aliases |
BIT-django-2021-3281, CVE-2021-3281, GHSA-fvgf-6h6h-3322, PYSEC-2021-9
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9hp4-hn21-zkg8 |
|
| 7 |
| url |
VCID-arff-yjfe-auhp |
| vulnerability_id |
VCID-arff-yjfe-auhp |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 6 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 7 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 11 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 14 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 15 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 16 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 17 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 18 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 19 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
|
| aliases |
PYSEC-2019-86
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-arff-yjfe-auhp |
|
| 8 |
| url |
VCID-b81v-3drw-xudf |
| vulnerability_id |
VCID-b81v-3drw-xudf |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4479-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4479-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.16 |
| purl |
pkg:pypi/django@2.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 2 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 3 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 4 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 5 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 6 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 7 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 10 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 11 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 12 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 13 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.16 |
|
| 1 |
|
| 2 |
|
|
| aliases |
BIT-django-2020-24583, CVE-2020-24583, GHSA-m6gj-h9gm-gw44, PYSEC-2020-33
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b81v-3drw-xudf |
|
| 9 |
| url |
VCID-bbxx-48nj-pqcd |
| vulnerability_id |
VCID-bbxx-48nj-pqcd |
| summary |
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.11 |
| purl |
pkg:pypi/django@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 6 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 7 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 8 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 9 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 10 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 11 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 12 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 13 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 14 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 15 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11 |
|
| 2 |
| url |
pkg:pypi/django@4.0.1 |
| purl |
pkg:pypi/django@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 4 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 5 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 6 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 7 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 8 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1 |
|
|
| aliases |
BIT-django-2021-45115, CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bbxx-48nj-pqcd |
|
| 10 |
| url |
VCID-dcv2-gx5a-pfe2 |
| vulnerability_id |
VCID-dcv2-gx5a-pfe2 |
| summary |
sql injection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-2gwj-7jmv-h26r |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-2gwj-7jmv-h26r |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.13 |
| purl |
pkg:pypi/django@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 1 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 2 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 3 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 4 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 5 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 6 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 7 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 8 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 11 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13 |
|
| 2 |
|
|
| aliases |
BIT-django-2022-28346, CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dcv2-gx5a-pfe2 |
|
| 11 |
| url |
VCID-dqkn-1888-y3er |
| vulnerability_id |
VCID-dqkn-1888-y3er |
| summary |
sql injection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-w24h-v9qh-8gxj |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-w24h-v9qh-8gxj |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.13 |
| purl |
pkg:pypi/django@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 1 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 2 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 3 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 4 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 5 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 6 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 7 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 8 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 11 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13 |
|
| 2 |
|
|
| aliases |
BIT-django-2022-28347, CVE-2022-28347, GHSA-w24h-v9qh-8gxj, PYSEC-2022-191
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dqkn-1888-y3er |
|
| 12 |
| url |
VCID-fc6y-y2b1-v3d5 |
| vulnerability_id |
VCID-fc6y-y2b1-v3d5 |
| summary |
access restriction bypass |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-v6rh-hp5x-86rv |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-v6rh-hp5x-86rv |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.10 |
| purl |
pkg:pypi/django@3.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 6 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 7 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 11 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 12 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 13 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 14 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 15 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 16 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 17 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 18 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10 |
|
|
| aliases |
BIT-django-2021-44420, CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fc6y-y2b1-v3d5 |
|
| 13 |
| url |
VCID-fynq-usj6-rfd3 |
| vulnerability_id |
VCID-fynq-usj6-rfd3 |
| summary |
insufficient validation |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://seclists.org/bugtraq/2020/Jan/9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Jan/9 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4224-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4224-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 6 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 7 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 11 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 14 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 15 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 16 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 17 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 18 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 19 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
| 1 |
| url |
pkg:pypi/django@3.0.1 |
| purl |
pkg:pypi/django@3.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 4 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 5 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 6 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 7 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 8 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 9 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1 |
|
|
| aliases |
CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fynq-usj6-rfd3 |
|
| 14 |
| url |
VCID-gxju-xjh2-z7bn |
| vulnerability_id |
VCID-gxju-xjh2-z7bn |
| summary |
directory traversal |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.21 |
| purl |
pkg:pypi/django@2.2.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 2 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 3 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 4 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 5 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 6 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 7 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 8 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 9 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 10 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.21 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.1 |
| purl |
pkg:pypi/django@3.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 6 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 7 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 13 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 14 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 15 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 16 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 17 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 18 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 19 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 20 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 21 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 22 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
| 23 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.1 |
|
|
| aliases |
BIT-django-2021-31542, CVE-2021-31542, GHSA-rxjp-mfm9-w4wr, PYSEC-2021-7
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gxju-xjh2-z7bn |
|
| 15 |
| url |
VCID-hzcv-euwq-eqeg |
| vulnerability_id |
VCID-hzcv-euwq-eqeg |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 6 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 7 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 13 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 14 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 15 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 18 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 19 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
| 20 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hzcv-euwq-eqeg |
|
| 16 |
| url |
VCID-jzbk-uswz-8ucg |
| vulnerability_id |
VCID-jzbk-uswz-8ucg |
| summary |
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.11 |
| purl |
pkg:pypi/django@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 6 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 7 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 8 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 9 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 10 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 11 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 12 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 13 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 14 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 15 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11 |
|
| 2 |
| url |
pkg:pypi/django@4.0.1 |
| purl |
pkg:pypi/django@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 4 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 5 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 6 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 7 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 8 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1 |
|
|
| aliases |
BIT-django-2021-45116, CVE-2021-45116, GHSA-8c5j-9r9f-c6w8, PYSEC-2022-2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jzbk-uswz-8ucg |
|
| 17 |
| url |
VCID-nxbs-37dx-rbbh |
| vulnerability_id |
VCID-nxbs-37dx-rbbh |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 6 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 7 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 13 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 14 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 15 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 18 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 19 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
| 20 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33571, CVE-2021-33571, GHSA-p99v-5w3c-jqq9, PYSEC-2021-99
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nxbs-37dx-rbbh |
|
| 18 |
| url |
VCID-punr-dfy5-v3g1 |
| vulnerability_id |
VCID-punr-dfy5-v3g1 |
| summary |
directory traversal |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://pypi.org/project/Django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.org/project/Django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.20 |
| purl |
pkg:pypi/django@2.2.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 2 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 3 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 4 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 5 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 6 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 9 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 10 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 11 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.20 |
|
| 1 |
|
| 2 |
|
|
| aliases |
BIT-django-2021-28658, CVE-2021-28658, GHSA-xgxc-v2qg-chmh, PYSEC-2021-6
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-punr-dfy5-v3g1 |
|
| 19 |
| url |
VCID-u53d-8afk-c3gq |
| vulnerability_id |
VCID-u53d-8afk-c3gq |
| summary |
url request injection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.2 |
| purl |
pkg:pypi/django@3.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 6 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 7 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 13 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 14 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 15 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 16 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 17 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 18 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 19 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 20 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 21 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
| 22 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.2 |
|
|
| aliases |
BIT-django-2021-32052, CVE-2021-32052, GHSA-qm57-vhq3-3fwf, PYSEC-2021-8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u53d-8afk-c3gq |
|
| 20 |
| url |
VCID-vr6h-ymzh-1kb2 |
| vulnerability_id |
VCID-vr6h-ymzh-1kb2 |
| summary |
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.8 |
| purl |
pkg:pypi/django@2.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 6 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 7 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 8 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 9 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 10 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 13 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 14 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 15 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 16 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 17 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 18 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 19 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 20 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 21 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.8 |
|
|
| aliases |
PYSEC-2019-85
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vr6h-ymzh-1kb2 |
|
| 21 |
| url |
VCID-vyzr-dkz3-vfg6 |
| vulnerability_id |
VCID-vyzr-dkz3-vfg6 |
| summary |
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-jrh2-hc4r-7jwx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-jrh2-hc4r-7jwx |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.11 |
| purl |
pkg:pypi/django@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 6 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 7 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 8 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 9 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 10 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 11 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 12 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 13 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 14 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 15 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11 |
|
| 2 |
| url |
pkg:pypi/django@4.0.1 |
| purl |
pkg:pypi/django@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 4 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 5 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 6 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 7 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 8 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1 |
|
|
| aliases |
BIT-django-2021-45452, CVE-2021-45452, GHSA-jrh2-hc4r-7jwx, PYSEC-2022-3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vyzr-dkz3-vfg6 |
|
| 22 |
| url |
VCID-xb3c-6rew-z3ba |
| vulnerability_id |
VCID-xb3c-6rew-z3ba |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://usn.ubuntu.com/4479-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4479-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.16 |
| purl |
pkg:pypi/django@2.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 2 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 3 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 4 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 5 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 6 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 7 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 10 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 11 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 12 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 13 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.16 |
|
| 1 |
|
| 2 |
|
|
| aliases |
BIT-django-2020-24584, CVE-2020-24584, GHSA-fr28-569j-53c4, PYSEC-2020-34
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xb3c-6rew-z3ba |
|
| 23 |
| url |
VCID-xu9t-qtjz-bud8 |
| vulnerability_id |
VCID-xu9t-qtjz-bud8 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-2m34-jcjv-45xf |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-2m34-jcjv-45xf |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/4381-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-1 |
|
| 15 |
|
| 16 |
| reference_url |
https://usn.ubuntu.com/4381-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-2 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.13 |
| purl |
pkg:pypi/django@2.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 2 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 3 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 4 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 5 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 6 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 7 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 8 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 9 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 10 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 11 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 12 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 13 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 14 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 15 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.13 |
|
| 1 |
|
|
| aliases |
BIT-django-2020-13596, CVE-2020-13596, GHSA-2m34-jcjv-45xf, PYSEC-2020-32
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xu9t-qtjz-bud8 |
|