Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@1.11a1
Type pypi
Namespace
Name django
Version 1.11a1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.11.19
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
1
url VCID-c58g-7jpv-t7hc
vulnerability_id VCID-c58g-7jpv-t7hc
summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/errata/RHSA-2019:0051
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0051
2
reference_url https://access.redhat.com/errata/RHSA-2019:0082
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0082
3
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0265
4
reference_url https://github.com/advisories/GHSA-r28v-mw67-m5p9
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-r28v-mw67-m5p9
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
reference_id
reference_type
scores
url https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
7
reference_url https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
reference_id
reference_type
scores
url https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
8
reference_url https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
reference_id
reference_type
scores
url https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
11
reference_url https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1
12
reference_url https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1/
13
reference_url https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
14
reference_url https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4161
15
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
16
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
17
reference_url http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103361
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7536
reference_id CVE-2018-7536
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-7536
fixed_packages
0
url pkg:pypi/django@1.11.11
purl pkg:pypi/django@1.11.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-322v-ntsv-7uge
1
vulnerability VCID-3mfy-uj9u-d7de
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c3m7-fu62-2qd9
5
vulnerability VCID-f1br-hvnm-wfdg
6
vulnerability VCID-g44a-m54u-97cr
7
vulnerability VCID-gfar-wbzc-3ubr
8
vulnerability VCID-kbab-v2gz-dfe6
9
vulnerability VCID-m4wa-xv9b-q7ce
10
vulnerability VCID-t952-ghnf-jkby
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11
1
url pkg:pypi/django@2.0.3
purl pkg:pypi/django@2.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-322v-ntsv-7uge
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-f1br-hvnm-wfdg
3
vulnerability VCID-t952-ghnf-jkby
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3
aliases CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c58g-7jpv-t7hc
2
url VCID-f1br-hvnm-wfdg
vulnerability_id VCID-f1br-hvnm-wfdg
summary In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
1
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
2
reference_url https://github.com/advisories/GHSA-337x-4q8g-prc5
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-337x-4q8g-prc5
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml
5
reference_url https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
6
reference_url https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
9
reference_url https://usn.ubuntu.com/3851-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3851-1
10
reference_url https://usn.ubuntu.com/3851-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3851-1/
11
reference_url https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453
reference_id
reference_type
scores
url https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453
12
reference_url https://www.debian.org/security/2019/dsa-4363
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4363
13
reference_url https://www.djangoproject.com/weblog/2019/jan/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jan/04/security-releases
14
reference_url https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
15
reference_url http://www.securityfocus.com/bid/106453
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106453
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3498
reference_id CVE-2019-3498
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3498
fixed_packages
0
url pkg:pypi/django@1.11.18
purl pkg:pypi/django@1.11.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-5q58-pzt4-8uey
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c3m7-fu62-2qd9
4
vulnerability VCID-g44a-m54u-97cr
5
vulnerability VCID-gfar-wbzc-3ubr
6
vulnerability VCID-kbab-v2gz-dfe6
7
vulnerability VCID-m4wa-xv9b-q7ce
8
vulnerability VCID-t952-ghnf-jkby
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18
1
url pkg:pypi/django@2.0.10
purl pkg:pypi/django@2.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-t952-ghnf-jkby
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10
2
url pkg:pypi/django@2.1.5
purl pkg:pypi/django@2.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-kbab-v2gz-dfe6
6
vulnerability VCID-pgtx-cdua-kfb4
7
vulnerability VCID-t952-ghnf-jkby
8
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5
aliases CVE-2019-3498, GHSA-337x-4q8g-prc5, PYSEC-2019-17
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1br-hvnm-wfdg
3
url VCID-hpj4-a9fa-4bca
vulnerability_id VCID-hpj4-a9fa-4bca
summary In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
references
0
reference_url https://github.com/advisories/GHSA-9r8w-6x8c-6jr9
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9r8w-6x8c-6jr9
1
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
2
reference_url https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a
reference_id
reference_type
scores
url https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a
3
reference_url https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc
reference_id
reference_type
scores
url https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml
5
reference_url https://usn.ubuntu.com/3559-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3559-1
6
reference_url https://usn.ubuntu.com/3559-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3559-1/
7
reference_url https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264
reference_id
reference_type
scores
url https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264
8
reference_url https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643
reference_id
reference_type
scores
url https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643
9
reference_url https://www.djangoproject.com/weblog/2017/sep/05/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/sep/05/security-releases
10
reference_url https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
11
reference_url http://www.securityfocus.com/bid/100643
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100643
12
reference_url http://www.securitytracker.com/id/1039264
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039264
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12794
reference_id CVE-2017-12794
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12794
fixed_packages
0
url pkg:pypi/django@1.11.5
purl pkg:pypi/django@1.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-322v-ntsv-7uge
1
vulnerability VCID-3mfy-uj9u-d7de
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c3m7-fu62-2qd9
5
vulnerability VCID-c58g-7jpv-t7hc
6
vulnerability VCID-f1br-hvnm-wfdg
7
vulnerability VCID-g44a-m54u-97cr
8
vulnerability VCID-gfar-wbzc-3ubr
9
vulnerability VCID-kbab-v2gz-dfe6
10
vulnerability VCID-m4wa-xv9b-q7ce
11
vulnerability VCID-t952-ghnf-jkby
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-x61x-6b6k-h3bn
14
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.5
aliases CVE-2017-12794, GHSA-9r8w-6x8c-6jr9, PYSEC-2017-44
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpj4-a9fa-4bca
4
url VCID-kbab-v2gz-dfe6
vulnerability_id VCID-kbab-v2gz-dfe6
summary An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/1.11.21
3
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/1.11.21/
4
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.1.9
5
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.1.9/
6
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.2.2
7
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.2.2/
8
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security
9
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
10
reference_url https://github.com/advisories/GHSA-7rp2-fm2h-wchj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7rp2-fm2h-wchj
11
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
12
reference_url https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
reference_id
reference_type
scores
url https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
13
reference_url https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
reference_id
reference_type
scores
url https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
14
reference_url https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
reference_id
reference_type
scores
url https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
15
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
16
reference_url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
17
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
18
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
21
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jul/10
22
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
23
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1
24
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
25
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4476
26
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
27
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
28
reference_url http://www.openwall.com/lists/oss-security/2019/06/03/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/06/03/2
29
reference_url http://www.securityfocus.com/bid/108559
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108559
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12308
reference_id CVE-2019-12308
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-12308
fixed_packages
0
url pkg:pypi/django@1.11.21
purl pkg:pypi/django@1.11.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-5q58-pzt4-8uey
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c3m7-fu62-2qd9
4
vulnerability VCID-g44a-m54u-97cr
5
vulnerability VCID-gfar-wbzc-3ubr
6
vulnerability VCID-m4wa-xv9b-q7ce
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21
1
url pkg:pypi/django@2.1.9
purl pkg:pypi/django@2.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c3m7-fu62-2qd9
3
vulnerability VCID-g44a-m54u-97cr
4
vulnerability VCID-gfar-wbzc-3ubr
5
vulnerability VCID-pgtx-cdua-kfb4
6
vulnerability VCID-yreb-z7nz-jkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9
2
url pkg:pypi/django@2.2.2
purl pkg:pypi/django@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mfy-uj9u-d7de
1
vulnerability VCID-4cp2-k4mn-8ffj
2
vulnerability VCID-51tx-4tp9-kbcz
3
vulnerability VCID-5q58-pzt4-8uey
4
vulnerability VCID-6jpg-yrf8-cufy
5
vulnerability VCID-9end-mq19-rke5
6
vulnerability VCID-9mpt-zxaw-kkeg
7
vulnerability VCID-attf-6gj8-ebaj
8
vulnerability VCID-c3m7-fu62-2qd9
9
vulnerability VCID-drwp-htkk-bkfh
10
vulnerability VCID-fhp8-tck4-mye4
11
vulnerability VCID-fksk-pr23-2yd8
12
vulnerability VCID-g44a-m54u-97cr
13
vulnerability VCID-gfar-wbzc-3ubr
14
vulnerability VCID-hh9b-52xn-z7a9
15
vulnerability VCID-j81e-su1y-tqa6
16
vulnerability VCID-m4wa-xv9b-q7ce
17
vulnerability VCID-n9vn-4uxr-hkau
18
vulnerability VCID-na9w-xkvx-cbhd
19
vulnerability VCID-nss9-1yrb-x7f2
20
vulnerability VCID-pgtx-cdua-kfb4
21
vulnerability VCID-q8r2-m9s6-rbek
22
vulnerability VCID-qvfs-2v1h-p3h4
23
vulnerability VCID-u9q1-63gf-7feh
24
vulnerability VCID-vdpf-jddk-syda
25
vulnerability VCID-yreb-z7nz-jkbs
26
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2
aliases CVE-2019-12308, GHSA-7rp2-fm2h-wchj, PYSEC-2019-79
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kbab-v2gz-dfe6
5
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
4
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
6
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/9
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
9
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
10
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4598
11
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
12
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11a1