Package Instance

reference_id

AVG-2808

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-23833
reference_id	CVE-2022-23833
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-23833

fixed_packages

url pkg:pypi/django@2.2.27

purl pkg:pypi/django@2.2.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27

url pkg:pypi/django@3.2.12

purl pkg:pypi/django@3.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12

url pkg:pypi/django@4.0.2

purl pkg:pypi/django@4.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2

aliases CVE-2022-23833, GHSA-6cw3-g6wv-c2xv, PYSEC-2022-20

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-51tx-4tp9-kbcz

url VCID-5q58-pzt4-8uey

vulnerability_id VCID-5q58-pzt4-8uey

summary Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.

references

reference_url	https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.0/releases/security/

reference_url	https://github.com/advisories/GHSA-hmr4-m2h5-33qx
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-hmr4-m2h5-33qx

reference_url	https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
reference_id
reference_type
scores
url	https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136

reference_url	https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/

reference_url	https://seclists.org/bugtraq/2020/Feb/30
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2020/Feb/30

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20200221-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200221-0006/

reference_url	https://usn.ubuntu.com/4264-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4264-1/

reference_url	https://www.debian.org/security/2020/dsa-4629
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4629

reference_url	https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2020/feb/03/security-releases/

reference_url	https://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2020/02/03/1

reference_url	http://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/02/03/1

fixed_packages

url pkg:pypi/django@2.2.10

purl pkg:pypi/django@2.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10

url pkg:pypi/django@3.0.3

purl pkg:pypi/django@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3

aliases CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q58-pzt4-8uey

url VCID-6jpg-yrf8-cufy

vulnerability_id VCID-6jpg-yrf8-cufy

summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-53qw-q765-4fww
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-53qw-q765-4fww

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277

reference_url	https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
reference_id
reference_type
scores
url	https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20

reference_url	https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220121-0005

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45115
reference_id	CVE-2021-45115
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45115

fixed_packages

url pkg:pypi/django@2.2.26

purl pkg:pypi/django@2.2.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26

url pkg:pypi/django@3.2.11

purl pkg:pypi/django@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11

url pkg:pypi/django@4.0.1

purl pkg:pypi/django@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1

aliases CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jpg-yrf8-cufy

url VCID-9end-mq19-rke5

vulnerability_id VCID-9end-mq19-rke5

summary Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-jrh2-hc4r-7jwx
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-jrh2-hc4r-7jwx

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1
reference_id
reference_type
scores
url	https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1

reference_url	https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b

reference_url	https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6
reference_id
reference_type
scores
url	https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220121-0005

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45452
reference_id	CVE-2021-45452
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45452

fixed_packages

url pkg:pypi/django@2.2.26

purl pkg:pypi/django@2.2.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26

url pkg:pypi/django@3.2.11

purl pkg:pypi/django@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11

url pkg:pypi/django@4.0.1

purl pkg:pypi/django@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1

aliases CVE-2021-45452, GHSA-jrh2-hc4r-7jwx, PYSEC-2022-3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9end-mq19-rke5

url VCID-9mpt-zxaw-kkeg

vulnerability_id VCID-9mpt-zxaw-kkeg

summary multiple issues

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

fixed_packages

url pkg:pypi/django@2.2.24

purl pkg:pypi/django@2.2.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24

url pkg:pypi/django@3.1.12

purl pkg:pypi/django@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-n9vn-4uxr-hkau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12

url pkg:pypi/django@3.2.4

purl pkg:pypi/django@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4

aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg

url VCID-attf-6gj8-ebaj

vulnerability_id VCID-attf-6gj8-ebaj

summary

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-95rw-fx8r-36v6
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-95rw-fx8r-36v6

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5

reference_url	https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
reference_id
reference_type
scores
url	https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2

reference_url	https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220221-0003
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220221-0003

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases/

reference_url

reference_id

AVG-2808

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-22818
reference_id	CVE-2022-22818
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-22818

fixed_packages

url pkg:pypi/django@2.2.27

purl pkg:pypi/django@2.2.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27

url pkg:pypi/django@3.2.12

purl pkg:pypi/django@3.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12

url pkg:pypi/django@4.0.2

purl pkg:pypi/django@4.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2

aliases CVE-2022-22818, GHSA-95rw-fx8r-36v6, PYSEC-2022-19

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-attf-6gj8-ebaj

url VCID-c3m7-fu62-2qd9

vulnerability_id VCID-c3m7-fu62-2qd9

summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-c4qh-4vgv-qc6g

reference_url	https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/

reference_url	https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Aug/15

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190828-0002/

reference_url	https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4498

reference_url	https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/aug/01/security-releases/

fixed_packages

url pkg:pypi/django@2.2.4

purl pkg:pypi/django@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-pgtx-cdua-kfb4

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4

aliases CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3m7-fu62-2qd9

url VCID-drwp-htkk-bkfh

vulnerability_id VCID-drwp-htkk-bkfh

summary sql injection

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-w24h-v9qh-8gxj
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-w24h-v9qh-8gxj

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
reference_id
reference_type
scores
url	https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402

reference_url	https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5

reference_url	https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81

reference_url	https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/04/11/1

reference_url	https://security.archlinux.org/ASA-202204-9
reference_id	ASA-202204-9
reference_type
scores
url	https://security.archlinux.org/ASA-202204-9

reference_url

reference_id

AVG-2667

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://docs.djangoproject.com/en/3.0/releases/security/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-28347
reference_id	CVE-2022-28347
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-28347

fixed_packages

url	pkg:pypi/django@2.2.28
purl	pkg:pypi/django@2.2.28
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.28

url pkg:pypi/django@3.2.13

purl pkg:pypi/django@3.2.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13

url pkg:pypi/django@4.0.4

purl pkg:pypi/django@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4

aliases CVE-2022-28347, GHSA-w24h-v9qh-8gxj, PYSEC-2022-191

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drwp-htkk-bkfh

url VCID-fhp8-tck4-mye4

vulnerability_id VCID-fhp8-tck4-mye4

summary In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

references

reference_url	https://docs.djangoproject.com/en/3.1/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.1/releases/security/

reference_url	https://github.com/advisories/GHSA-xgxc-v2qg-chmh
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-xgxc-v2qg-chmh

reference_url	https://groups.google.com/g/django-announce/c/ePr5j-ngdPU
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce/c/ePr5j-ngdPU

reference_url	https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/

reference_url	https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/apr/06/security-releases/

fixed_packages

url pkg:pypi/django@2.2.20

purl pkg:pypi/django@2.2.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.20

url pkg:pypi/django@3.0.14

purl pkg:pypi/django@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.14

url pkg:pypi/django@3.1.8

purl pkg:pypi/django@3.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.8

aliases CVE-2021-28658, GHSA-xgxc-v2qg-chmh, PYSEC-2021-6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhp8-tck4-mye4

url VCID-fksk-pr23-2yd8

vulnerability_id VCID-fksk-pr23-2yd8

summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-8c5j-9r9f-c6w8
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-8c5j-9r9f-c6w8

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489

reference_url	https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16

reference_url	https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220121-0005

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45116
reference_id	CVE-2021-45116
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45116

fixed_packages

url pkg:pypi/django@2.2.26

purl pkg:pypi/django@2.2.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26

url pkg:pypi/django@3.2.11

purl pkg:pypi/django@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11

url pkg:pypi/django@4.0.1

purl pkg:pypi/django@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1

aliases CVE-2021-45116, GHSA-8c5j-9r9f-c6w8, PYSEC-2022-2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fksk-pr23-2yd8

url VCID-g44a-m54u-97cr

vulnerability_id VCID-g44a-m54u-97cr

summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-v9qg-3j8p-r63v
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-v9qg-3j8p-r63v

reference_url	https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/

reference_url	https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Aug/15

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190828-0002/

reference_url	https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4498

reference_url	https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/aug/01/security-releases/

fixed_packages

url pkg:pypi/django@2.2.4

purl pkg:pypi/django@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-pgtx-cdua-kfb4

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4

aliases CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g44a-m54u-97cr

url VCID-gfar-wbzc-3ubr

vulnerability_id VCID-gfar-wbzc-3ubr

summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-h5jv-4p7w-64jg
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-h5jv-4p7w-64jg

reference_url	https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/

reference_url	https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Aug/15

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190828-0002/

reference_url	https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4498

reference_url	https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/aug/01/security-releases/

fixed_packages

url pkg:pypi/django@2.2.4

purl pkg:pypi/django@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-pgtx-cdua-kfb4

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4

aliases CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfar-wbzc-3ubr

url VCID-hh9b-52xn-z7a9

vulnerability_id VCID-hh9b-52xn-z7a9

summary An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.

references

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-fr28-569j-53c4
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-fr28-569j-53c4

reference_url	https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM

reference_url	https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/

reference_url	https://security.netapp.com/advisory/ntap-20200918-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200918-0004/

reference_url	https://usn.ubuntu.com/4479-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4479-1/

reference_url	https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2020/sep/01/security-releases/

reference_url	https://www.openwall.com/lists/oss-security/2020/09/01/2
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2020/09/01/2

reference_url	https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2021.html

fixed_packages

url pkg:pypi/django@2.2.16

purl pkg:pypi/django@2.2.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.16

url pkg:pypi/django@3.0.10

purl pkg:pypi/django@3.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10

url pkg:pypi/django@3.1.1

purl pkg:pypi/django@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1

aliases CVE-2020-24584, GHSA-fr28-569j-53c4, PYSEC-2020-34

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hh9b-52xn-z7a9

url VCID-j81e-su1y-tqa6

vulnerability_id VCID-j81e-su1y-tqa6

summary In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-rxjp-mfm9-w4wr
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-rxjp-mfm9-w4wr

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/

reference_url	https://www.djangoproject.com/weblog/2021/may/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/may/04/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2021/05/04/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/04/3

fixed_packages

url pkg:pypi/django@2.2.21

purl pkg:pypi/django@2.2.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.21

url pkg:pypi/django@3.1.9

purl pkg:pypi/django@3.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.9

url pkg:pypi/django@3.2.1

purl pkg:pypi/django@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z4x1-e7tp-rqhz

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.1

aliases CVE-2021-31542, GHSA-rxjp-mfm9-w4wr, PYSEC-2021-7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j81e-su1y-tqa6

url VCID-m4wa-xv9b-q7ce

vulnerability_id VCID-m4wa-xv9b-q7ce

summary Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.

references

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://docs.djangoproject.com/en/3.0/releases/security/

reference_url	https://github.com/advisories/GHSA-3gh2-xw74-jmcw
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-3gh2-xw74-jmcw

reference_url

https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY

reference_url	https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/

reference_url

https://security.gentoo.org/glsa/202004-17

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://security.gentoo.org/glsa/202004-17

reference_url

https://security.netapp.com/advisory/ntap-20200327-0004/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://security.netapp.com/advisory/ntap-20200327-0004/

reference_url

https://usn.ubuntu.com/4296-1/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://usn.ubuntu.com/4296-1/

reference_url

https://www.debian.org/security/2020/dsa-4705

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://www.debian.org/security/2020/dsa-4705

reference_url

https://www.djangoproject.com/weblog/2020/mar/04/security-releases/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://www.djangoproject.com/weblog/2020/mar/04/security-releases/

fixed_packages

url pkg:pypi/django@2.2.11

purl pkg:pypi/django@2.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11

url pkg:pypi/django@3.0.4

purl pkg:pypi/django@3.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4

aliases CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-345, PYSEC-2020-36

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4wa-xv9b-q7ce

url VCID-n9vn-4uxr-hkau

vulnerability_id VCID-n9vn-4uxr-hkau

summary In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-v6rh-hp5x-86rv
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-v6rh-hp5x-86rv

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20211229-0006
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20211229-0006

reference_url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases

reference_url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases/

reference_url	https://www.openwall.com/lists/oss-security/2021/12/07/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2021/12/07/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44420
reference_id	CVE-2021-44420
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44420

fixed_packages

url pkg:pypi/django@2.2.25

purl pkg:pypi/django@2.2.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.25

url	pkg:pypi/django@3.1.14
purl	pkg:pypi/django@3.1.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.14

url pkg:pypi/django@3.2.10

purl pkg:pypi/django@3.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10

aliases CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau

url VCID-na9w-xkvx-cbhd

vulnerability_id VCID-na9w-xkvx-cbhd

summary An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

references

reference_url	https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.0/releases/security/

reference_url	https://github.com/advisories/GHSA-wpjr-j57x-wxfw
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-wpjr-j57x-wxfw

reference_url	https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
reference_id
reference_type
scores
url	https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ

reference_url	https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/

reference_url	https://security.netapp.com/advisory/ntap-20200611-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200611-0002/

reference_url	https://usn.ubuntu.com/4381-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4381-1/

reference_url	https://usn.ubuntu.com/4381-2/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4381-2/

reference_url	https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4705

reference_url	https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2020/jun/03/security-releases/

reference_url	https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2021.html

fixed_packages

url pkg:pypi/django@2.2.13

purl pkg:pypi/django@2.2.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.13

url pkg:pypi/django@3.0.7

purl pkg:pypi/django@3.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7

aliases CVE-2020-13254, GHSA-wpjr-j57x-wxfw, PYSEC-2020-31

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-na9w-xkvx-cbhd

url VCID-nss9-1yrb-x7f2

vulnerability_id VCID-nss9-1yrb-x7f2

summary sql injection

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-2gwj-7jmv-h26r
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-2gwj-7jmv-h26r

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48

reference_url	https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d

reference_url	https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60
reference_id
reference_type
scores
url	https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60

reference_url	https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
reference_id
reference_type
scores
url	https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://security.netapp.com/advisory/ntap-20220609-0002
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220609-0002

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/04/11/1

reference_url	https://security.archlinux.org/ASA-202204-9
reference_id	ASA-202204-9
reference_type
scores
url	https://security.archlinux.org/ASA-202204-9

reference_url

reference_id

AVG-2667

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1080

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-28346
reference_id	CVE-2022-28346
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-28346

fixed_packages

url	pkg:pypi/django@2.2.28
purl	pkg:pypi/django@2.2.28
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.28

url pkg:pypi/django@3.2.13

purl pkg:pypi/django@3.2.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13

url pkg:pypi/django@4.0.4

purl pkg:pypi/django@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4

aliases CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nss9-1yrb-x7f2

url VCID-pgtx-cdua-kfb4

vulnerability_id VCID-pgtx-cdua-kfb4

summary Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)

references

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-hvmf-r92r-27hr
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-hvmf-r92r-27hr

reference_url	https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20191217-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20191217-0003/

reference_url	https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/dec/02/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2019/12/02/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/12/02/1

fixed_packages

url pkg:pypi/django@2.2.8

purl pkg:pypi/django@2.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.8

aliases CVE-2019-19118, GHSA-hvmf-r92r-27hr, PYSEC-2019-15

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgtx-cdua-kfb4

url VCID-q8r2-m9s6-rbek

vulnerability_id VCID-q8r2-m9s6-rbek

summary In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.

references

reference_url	https://docs.djangoproject.com/en/3.1/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.1/releases/security/

reference_url	https://github.com/advisories/GHSA-fvgf-6h6h-3322
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-fvgf-6h6h-3322

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/

reference_url	https://security.netapp.com/advisory/ntap-20210226-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210226-0004/

reference_url	https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/feb/01/security-releases/

fixed_packages

url pkg:pypi/django@2.2.18

purl pkg:pypi/django@2.2.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.18

url pkg:pypi/django@3.0.12

purl pkg:pypi/django@3.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.12

url pkg:pypi/django@3.1.6

purl pkg:pypi/django@3.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.6

aliases CVE-2021-3281, GHSA-fvgf-6h6h-3322, PYSEC-2021-9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8r2-m9s6-rbek

url VCID-qvfs-2v1h-p3h4

vulnerability_id VCID-qvfs-2v1h-p3h4

summary An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

references

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-m6gj-h9gm-gw44
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-m6gj-h9gm-gw44

reference_url	https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM

reference_url	https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/

reference_url	https://security.netapp.com/advisory/ntap-20200918-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200918-0004/

reference_url	https://usn.ubuntu.com/4479-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4479-1/

reference_url	https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2020/sep/01/security-releases/

reference_url	https://www.openwall.com/lists/oss-security/2020/09/01/2
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2020/09/01/2

reference_url	https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2021.html

fixed_packages

url pkg:pypi/django@2.2.16

purl pkg:pypi/django@2.2.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.16

url pkg:pypi/django@3.0.10

purl pkg:pypi/django@3.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10

url pkg:pypi/django@3.1.1

purl pkg:pypi/django@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1

aliases CVE-2020-24583, GHSA-m6gj-h9gm-gw44, PYSEC-2020-33

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvfs-2v1h-p3h4

url VCID-u9q1-63gf-7feh

vulnerability_id VCID-u9q1-63gf-7feh

summary In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-qm57-vhq3-3fwf
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-qm57-vhq3-3fwf

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/

reference_url	https://www.djangoproject.com/weblog/2021/may/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/may/06/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2021/05/06/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/06/1

fixed_packages

url pkg:pypi/django@2.2.22

purl pkg:pypi/django@2.2.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.22

url pkg:pypi/django@3.1.10

purl pkg:pypi/django@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.10

url pkg:pypi/django@3.2.2

purl pkg:pypi/django@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z4x1-e7tp-rqhz

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.2

aliases CVE-2021-32052, GHSA-qm57-vhq3-3fwf, PYSEC-2021-8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9q1-63gf-7feh

url VCID-vdpf-jddk-syda

vulnerability_id VCID-vdpf-jddk-syda

summary insufficient validation

references

reference_url	http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-vfq6-hq5r-27r6

reference_url	https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/

reference_url	https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2020/Jan/9

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200110-0003/

reference_url	https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4224-1/

reference_url	https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4598

reference_url	https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/dec/18/security-releases/

reference_url

reference_id

AVG-1080

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1080

fixed_packages

url pkg:pypi/django@2.2.9

purl pkg:pypi/django@2.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9

aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda

url VCID-yreb-z7nz-jkbs

vulnerability_id VCID-yreb-z7nz-jkbs

summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-6r97-cj55-9hrq
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-6r97-cj55-9hrq

reference_url	https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/

reference_url	https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Aug/15

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190828-0002/

reference_url	https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4498

reference_url	https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/aug/01/security-releases/

fixed_packages

url pkg:pypi/django@2.2.4

purl pkg:pypi/django@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-pgtx-cdua-kfb4

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4

aliases CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yreb-z7nz-jkbs

url VCID-z4x1-e7tp-rqhz

vulnerability_id VCID-z4x1-e7tp-rqhz

summary multiple issues

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-p99v-5w3c-jqq9
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-p99v-5w3c-jqq9

reference_url	https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url