Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@1.11.25
Typepypi
Namespace
Namedjango
Version1.11.25
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.11
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-5q58-pzt4-8uey
vulnerability_id VCID-5q58-pzt4-8uey
summary Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
references
0
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
1
reference_url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
2
reference_url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
reference_id
reference_type
scores
url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
3
reference_url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
5
reference_url https://seclists.org/bugtraq/2020/Feb/30
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Feb/30
6
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
7
reference_url https://security.netapp.com/advisory/ntap-20200221-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200221-0006/
8
reference_url https://usn.ubuntu.com/4264-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4264-1/
9
reference_url https://www.debian.org/security/2020/dsa-4629
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4629
10
reference_url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
11
reference_url https://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2020/02/03/1
12
reference_url http://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2020/02/03/1
fixed_packages
0
url pkg:pypi/django@1.11.28
purl pkg:pypi/django@1.11.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.28
1
url pkg:pypi/django@2.2.10
purl pkg:pypi/django@2.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-6jpg-yrf8-cufy
3
vulnerability VCID-9end-mq19-rke5
4
vulnerability VCID-9mpt-zxaw-kkeg
5
vulnerability VCID-attf-6gj8-ebaj
6
vulnerability VCID-drwp-htkk-bkfh
7
vulnerability VCID-fhp8-tck4-mye4
8
vulnerability VCID-fksk-pr23-2yd8
9
vulnerability VCID-hh9b-52xn-z7a9
10
vulnerability VCID-j81e-su1y-tqa6
11
vulnerability VCID-m4wa-xv9b-q7ce
12
vulnerability VCID-n9vn-4uxr-hkau
13
vulnerability VCID-na9w-xkvx-cbhd
14
vulnerability VCID-nss9-1yrb-x7f2
15
vulnerability VCID-q8r2-m9s6-rbek
16
vulnerability VCID-qvfs-2v1h-p3h4
17
vulnerability VCID-u9q1-63gf-7feh
18
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10
2
url pkg:pypi/django@3.0.3
purl pkg:pypi/django@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-fhp8-tck4-mye4
3
vulnerability VCID-hh9b-52xn-z7a9
4
vulnerability VCID-m4wa-xv9b-q7ce
5
vulnerability VCID-na9w-xkvx-cbhd
6
vulnerability VCID-q8r2-m9s6-rbek
7
vulnerability VCID-qvfs-2v1h-p3h4
8
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3
aliases CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q58-pzt4-8uey
1
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
2
url VCID-m4wa-xv9b-q7ce
vulnerability_id VCID-m4wa-xv9b-q7ce
summary Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
references
0
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/3.0/releases/security/
1
reference_url https://github.com/advisories/GHSA-3gh2-xw74-jmcw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3gh2-xw74-jmcw
2
reference_url https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY
3
reference_url https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
4
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
8
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://security.gentoo.org/glsa/202004-17
9
reference_url https://security.netapp.com/advisory/ntap-20200327-0004/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://security.netapp.com/advisory/ntap-20200327-0004/
10
reference_url https://usn.ubuntu.com/4296-1/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://usn.ubuntu.com/4296-1/
11
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://www.debian.org/security/2020/dsa-4705
12
reference_url https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
fixed_packages
0
url pkg:pypi/django@1.11.29
purl pkg:pypi/django@1.11.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.29
1
url pkg:pypi/django@2.2.11
purl pkg:pypi/django@2.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-6jpg-yrf8-cufy
3
vulnerability VCID-9end-mq19-rke5
4
vulnerability VCID-9mpt-zxaw-kkeg
5
vulnerability VCID-attf-6gj8-ebaj
6
vulnerability VCID-drwp-htkk-bkfh
7
vulnerability VCID-fhp8-tck4-mye4
8
vulnerability VCID-fksk-pr23-2yd8
9
vulnerability VCID-hh9b-52xn-z7a9
10
vulnerability VCID-j81e-su1y-tqa6
11
vulnerability VCID-n9vn-4uxr-hkau
12
vulnerability VCID-na9w-xkvx-cbhd
13
vulnerability VCID-nss9-1yrb-x7f2
14
vulnerability VCID-q8r2-m9s6-rbek
15
vulnerability VCID-qvfs-2v1h-p3h4
16
vulnerability VCID-u9q1-63gf-7feh
17
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11
2
url pkg:pypi/django@3.0.4
purl pkg:pypi/django@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-fhp8-tck4-mye4
3
vulnerability VCID-hh9b-52xn-z7a9
4
vulnerability VCID-na9w-xkvx-cbhd
5
vulnerability VCID-q8r2-m9s6-rbek
6
vulnerability VCID-qvfs-2v1h-p3h4
7
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4
aliases CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-345, PYSEC-2020-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4wa-xv9b-q7ce
3
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
4
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
6
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/9
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
9
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
10
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4598
11
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
12
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.25