Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/16542?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/16542?format=api", "purl": "pkg:pypi/django@3.0.5", "type": "pypi", "namespace": "", "name": "django", "version": "3.0.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.1.14", "latest_non_vulnerable_version": "5.0.14", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35569?format=api", "vulnerability_id": "VCID-4cp2-k4mn-8ffj", "summary": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/3.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.0/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-2m34-jcjv-45xf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2m34-jcjv-45xf" }, { "reference_url": "https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200611-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200611-0002/" }, { "reference_url": "https://usn.ubuntu.com/4381-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4381-1/" }, { "reference_url": "https://usn.ubuntu.com/4381-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4381-2/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4705" }, { "reference_url": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16545?format=api", "purl": "pkg:pypi/django@3.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-hh9b-52xn-z7a9" }, { "vulnerability": "VCID-q8r2-m9s6-rbek" }, { "vulnerability": "VCID-qvfs-2v1h-p3h4" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7" } ], "aliases": [ "CVE-2020-13596", "GHSA-2m34-jcjv-45xf", "PYSEC-2020-32" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cp2-k4mn-8ffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=api", "vulnerability_id": "VCID-9mpt-zxaw-kkeg", "summary": "multiple issues", "references": [ { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.2/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-68w8-qjq3-2gfm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-68w8-qjq3-2gfm" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/" }, { "reference_url": "https://security.archlinux.org/ASA-202106-41", "reference_id": "ASA-202106-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-41" }, { "reference_url": "https://security.archlinux.org/AVG-2026", "reference_id": "AVG-2026", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2026" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22502?format=api", "purl": "pkg:pypi/django@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/22503?format=api", "purl": "pkg:pypi/django@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29qk-rv5n-efbm" }, { "vulnerability": "VCID-2n2n-1fq2-7bbs" }, { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-4z4e-8ttu-tyd6" }, { "vulnerability": "VCID-51tx-4tp9-kbcz" }, { "vulnerability": "VCID-6jpg-yrf8-cufy" }, { "vulnerability": "VCID-9end-mq19-rke5" }, { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-attf-6gj8-ebaj" }, { "vulnerability": "VCID-au8h-vj9k-pufv" }, { "vulnerability": "VCID-drwp-htkk-bkfh" }, { "vulnerability": "VCID-f4a7-tcz5-byfj" }, { "vulnerability": "VCID-fksk-pr23-2yd8" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-m1dr-sjmw-jfd2" }, { "vulnerability": "VCID-m33h-4p9q-63fb" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-nss9-1yrb-x7f2" }, { "vulnerability": "VCID-qgp1-4efd-6yg6" }, { "vulnerability": "VCID-yuda-1mur-8bbq" }, { "vulnerability": "VCID-z6tf-z1y9-cydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4" } ], "aliases": [ "CVE-2021-33203", "GHSA-68w8-qjq3-2gfm", "PYSEC-2021-98" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35768?format=api", "vulnerability_id": "VCID-fhp8-tck4-mye4", "summary": "In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/3.1/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.1/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-xgxc-v2qg-chmh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xgxc-v2qg-chmh" }, { "reference_url": "https://groups.google.com/g/django-announce/c/ePr5j-ngdPU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce/c/ePr5j-ngdPU" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/apr/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/apr/06/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20557?format=api", "purl": "pkg:pypi/django@3.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/20558?format=api", "purl": "pkg:pypi/django@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-j81e-su1y-tqa6" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-u9q1-63gf-7feh" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.8" } ], "aliases": [ "CVE-2021-28658", "GHSA-xgxc-v2qg-chmh", "PYSEC-2021-6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhp8-tck4-mye4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35612?format=api", "vulnerability_id": "VCID-hh9b-52xn-z7a9", "summary": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-fr28-569j-53c4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fr28-569j-53c4" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200918-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200918-0004/" }, { "reference_url": "https://usn.ubuntu.com/4479-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4479-1/" }, { "reference_url": "https://www.djangoproject.com/weblog/2020/sep/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2020/sep/01/security-releases/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/09/01/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2020/09/01/2" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18190?format=api", "purl": "pkg:pypi/django@3.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-q8r2-m9s6-rbek" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/18191?format=api", "purl": "pkg:pypi/django@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-j81e-su1y-tqa6" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-q8r2-m9s6-rbek" }, { "vulnerability": "VCID-u9q1-63gf-7feh" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1" } ], "aliases": [ "CVE-2020-24584", "GHSA-fr28-569j-53c4", "PYSEC-2020-34" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hh9b-52xn-z7a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35570?format=api", "vulnerability_id": "VCID-na9w-xkvx-cbhd", "summary": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/3.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.0/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-wpjr-j57x-wxfw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wpjr-j57x-wxfw" }, { "reference_url": "https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200611-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200611-0002/" }, { "reference_url": "https://usn.ubuntu.com/4381-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4381-1/" }, { "reference_url": "https://usn.ubuntu.com/4381-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4381-2/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4705" }, { "reference_url": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16545?format=api", "purl": "pkg:pypi/django@3.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-hh9b-52xn-z7a9" }, { "vulnerability": "VCID-q8r2-m9s6-rbek" }, { "vulnerability": "VCID-qvfs-2v1h-p3h4" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7" } ], "aliases": [ "CVE-2020-13254", "GHSA-wpjr-j57x-wxfw", "PYSEC-2020-31" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-na9w-xkvx-cbhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35716?format=api", "vulnerability_id": "VCID-q8r2-m9s6-rbek", "summary": "In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by \"startapp --template\" and \"startproject --template\") allows directory traversal via an archive with absolute paths or relative paths with dot segments.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/3.1/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.1/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-fvgf-6h6h-3322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fvgf-6h6h-3322" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210226-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210226-0004/" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/feb/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/feb/01/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19837?format=api", "purl": "pkg:pypi/django@3.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/19838?format=api", "purl": "pkg:pypi/django@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-j81e-su1y-tqa6" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-u9q1-63gf-7feh" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.6" } ], "aliases": [ "CVE-2021-3281", "GHSA-fvgf-6h6h-3322", "PYSEC-2021-9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8r2-m9s6-rbek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35613?format=api", "vulnerability_id": "VCID-qvfs-2v1h-p3h4", "summary": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-m6gj-h9gm-gw44", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m6gj-h9gm-gw44" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200918-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200918-0004/" }, { "reference_url": "https://usn.ubuntu.com/4479-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4479-1/" }, { "reference_url": "https://www.djangoproject.com/weblog/2020/sep/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2020/sep/01/security-releases/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/09/01/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2020/09/01/2" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18190?format=api", "purl": "pkg:pypi/django@3.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-q8r2-m9s6-rbek" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/18191?format=api", "purl": "pkg:pypi/django@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-fhp8-tck4-mye4" }, { "vulnerability": "VCID-j81e-su1y-tqa6" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-q8r2-m9s6-rbek" }, { "vulnerability": "VCID-u9q1-63gf-7feh" }, { "vulnerability": "VCID-z4x1-e7tp-rqhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1" } ], "aliases": [ "CVE-2020-24583", "GHSA-m6gj-h9gm-gw44", "PYSEC-2020-33" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvfs-2v1h-p3h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7346?format=api", "vulnerability_id": "VCID-z4x1-e7tp-rqhz", "summary": "multiple issues", "references": [ { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.2/releases/security/" }, { "reference_url": "https://github.com/advisories/GHSA-p99v-5w3c-jqq9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p99v-5w3c-jqq9" }, { "reference_url": "https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/" }, { "reference_url": "https://security.archlinux.org/ASA-202106-41", "reference_id": "ASA-202106-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-41" }, { "reference_url": "https://security.archlinux.org/AVG-2026", "reference_id": "AVG-2026", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2026" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22502?format=api", "purl": "pkg:pypi/django@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/22503?format=api", "purl": "pkg:pypi/django@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29qk-rv5n-efbm" }, { "vulnerability": "VCID-2n2n-1fq2-7bbs" }, { "vulnerability": "VCID-4pb2-tqru-uufs" }, { "vulnerability": "VCID-4z4e-8ttu-tyd6" }, { "vulnerability": "VCID-51tx-4tp9-kbcz" }, { "vulnerability": "VCID-6jpg-yrf8-cufy" }, { "vulnerability": "VCID-9end-mq19-rke5" }, { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-attf-6gj8-ebaj" }, { "vulnerability": "VCID-au8h-vj9k-pufv" }, { "vulnerability": "VCID-drwp-htkk-bkfh" }, { "vulnerability": "VCID-f4a7-tcz5-byfj" }, { "vulnerability": "VCID-fksk-pr23-2yd8" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-m1dr-sjmw-jfd2" }, { "vulnerability": "VCID-m33h-4p9q-63fb" }, { "vulnerability": "VCID-n9vn-4uxr-hkau" }, { "vulnerability": "VCID-nss9-1yrb-x7f2" }, { "vulnerability": "VCID-qgp1-4efd-6yg6" }, { "vulnerability": "VCID-yuda-1mur-8bbq" }, { "vulnerability": "VCID-z6tf-z1y9-cydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4" } ], "aliases": [ "CVE-2021-33571", "GHSA-p99v-5w3c-jqq9", "PYSEC-2021-99" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4x1-e7tp-rqhz" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.5" }