Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@2.1.10
Typepypi
Namespace
Namedjango
Version2.1.10
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.28
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
1
url VCID-c3m7-fu62-2qd9
vulnerability_id VCID-c3m7-fu62-2qd9
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
4
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
6
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
9
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
10
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-pgtx-cdua-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
1
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-pgtx-cdua-kfb4
17
vulnerability VCID-q8r2-m9s6-rbek
18
vulnerability VCID-qvfs-2v1h-p3h4
19
vulnerability VCID-u9q1-63gf-7feh
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3m7-fu62-2qd9
2
url VCID-g44a-m54u-97cr
vulnerability_id VCID-g44a-m54u-97cr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
4
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
6
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
9
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
10
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-pgtx-cdua-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
1
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-pgtx-cdua-kfb4
17
vulnerability VCID-q8r2-m9s6-rbek
18
vulnerability VCID-qvfs-2v1h-p3h4
19
vulnerability VCID-u9q1-63gf-7feh
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g44a-m54u-97cr
3
url VCID-gfar-wbzc-3ubr
vulnerability_id VCID-gfar-wbzc-3ubr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
4
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
6
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
9
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
10
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-pgtx-cdua-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
1
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-pgtx-cdua-kfb4
17
vulnerability VCID-q8r2-m9s6-rbek
18
vulnerability VCID-qvfs-2v1h-p3h4
19
vulnerability VCID-u9q1-63gf-7feh
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfar-wbzc-3ubr
4
url VCID-pgtx-cdua-kfb4
vulnerability_id VCID-pgtx-cdua-kfb4
summary Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://github.com/advisories/GHSA-hvmf-r92r-27hr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hvmf-r92r-27hr
2
reference_url https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
4
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
5
reference_url https://security.netapp.com/advisory/ntap-20191217-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191217-0003/
6
reference_url https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
7
reference_url http://www.openwall.com/lists/oss-security/2019/12/02/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/12/02/1
fixed_packages
0
url pkg:pypi/django@2.1.15
purl pkg:pypi/django@2.1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.15
1
url pkg:pypi/django@2.2.8
purl pkg:pypi/django@2.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-vdpf-jddk-syda
20
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.8
aliases CVE-2019-19118, GHSA-hvmf-r92r-27hr, PYSEC-2019-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgtx-cdua-kfb4
5
url VCID-yreb-z7nz-jkbs
vulnerability_id VCID-yreb-z7nz-jkbs
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/advisories/GHSA-6r97-cj55-9hrq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6r97-cj55-9hrq
3
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
5
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Aug/15
6
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
7
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
8
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4498
9
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
fixed_packages
0
url pkg:pypi/django@2.1.11
purl pkg:pypi/django@2.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-pgtx-cdua-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11
1
url pkg:pypi/django@2.2.4
purl pkg:pypi/django@2.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-pgtx-cdua-kfb4
17
vulnerability VCID-q8r2-m9s6-rbek
18
vulnerability VCID-qvfs-2v1h-p3h4
19
vulnerability VCID-u9q1-63gf-7feh
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4
aliases CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yreb-z7nz-jkbs
Fixing_vulnerabilities
0
url VCID-3mfy-uj9u-d7de
vulnerability_id VCID-3mfy-uj9u-d7de
summary silent downgrade
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
5
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
6
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
7
reference_url https://github.com/advisories/GHSA-6c7v-2f49-8h26
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6c7v-2f49-8h26
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
10
reference_url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
13
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jul/10
14
reference_url https://security.netapp.com/advisory/ntap-20190705-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190705-0002
15
reference_url https://security.netapp.com/advisory/ntap-20190705-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190705-0002/
16
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1
17
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
18
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4476
19
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
20
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
21
reference_url http://www.openwall.com/lists/oss-security/2019/07/01/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/07/01/3
22
reference_url http://www.securityfocus.com/bid/109018
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/109018
23
reference_url https://security.archlinux.org/ASA-201907-2
reference_id ASA-201907-2
reference_type
scores
url https://security.archlinux.org/ASA-201907-2
24
reference_url https://security.archlinux.org/AVG-1000
reference_id AVG-1000
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1000
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
reference_id CVE-2019-12781
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
fixed_packages
0
url pkg:pypi/django@1.11.22
purl pkg:pypi/django@1.11.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-m4wa-xv9b-q7ce
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22
1
url pkg:pypi/django@2.1.10
purl pkg:pypi/django@2.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-c3m7-fu62-2qd9
2
vulnerability VCID-g44a-m54u-97cr
3
vulnerability VCID-gfar-wbzc-3ubr
4
vulnerability VCID-pgtx-cdua-kfb4
5
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10
2
url pkg:pypi/django@2.2.3
purl pkg:pypi/django@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-c3m7-fu62-2qd9
8
vulnerability VCID-drwp-htkk-bkfh
9
vulnerability VCID-fhp8-tck4-mye4
10
vulnerability VCID-fksk-pr23-2yd8
11
vulnerability VCID-g44a-m54u-97cr
12
vulnerability VCID-gfar-wbzc-3ubr
13
vulnerability VCID-hh9b-52xn-z7a9
14
vulnerability VCID-j81e-su1y-tqa6
15
vulnerability VCID-m4wa-xv9b-q7ce
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-na9w-xkvx-cbhd
18
vulnerability VCID-nss9-1yrb-x7f2
19
vulnerability VCID-pgtx-cdua-kfb4
20
vulnerability VCID-q8r2-m9s6-rbek
21
vulnerability VCID-qvfs-2v1h-p3h4
22
vulnerability VCID-u9q1-63gf-7feh
23
vulnerability VCID-vdpf-jddk-syda
24
vulnerability VCID-yreb-z7nz-jkbs
25
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3
aliases CVE-2019-12781, GHSA-6c7v-2f49-8h26, PYSEC-2019-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3mfy-uj9u-d7de
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10