| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-29qk-rv5n-efbm |
| vulnerability_id |
VCID-29qk-rv5n-efbm |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.15 |
| purl |
pkg:pypi/django@3.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 1 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 2 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 3 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 6 |
| vulnerability |
VCID-fsaw-3ta1-x3dw |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 9 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 10 |
| vulnerability |
VCID-qgp1-4efd-6yg6 |
|
| 11 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 12 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 13 |
| vulnerability |
VCID-yuda-1mur-8bbq |
|
| 14 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15 |
|
| 1 |
| url |
pkg:pypi/django@4.0.7 |
| purl |
pkg:pypi/django@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 1 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 2 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 3 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 4 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 7 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 8 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 9 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7 |
|
|
| aliases |
BIT-django-2022-36359, CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-29qk-rv5n-efbm |
|
| 1 |
| url |
VCID-4cp2-k4mn-8ffj |
| vulnerability_id |
VCID-4cp2-k4mn-8ffj |
| summary |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-2m34-jcjv-45xf |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-2m34-jcjv-45xf |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://usn.ubuntu.com/4381-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-1 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4381-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-2 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.0.7 |
| purl |
pkg:pypi/django@3.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-hh9b-52xn-z7a9 |
|
| 8 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 9 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 10 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 11 |
| vulnerability |
VCID-qvfs-2v1h-p3h4 |
|
| 12 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 13 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 14 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 15 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7 |
|
|
| aliases |
BIT-django-2020-13596, CVE-2020-13596, GHSA-2m34-jcjv-45xf, PYSEC-2020-32
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4cp2-k4mn-8ffj |
|
| 2 |
| url |
VCID-4pb2-tqru-uufs |
| vulnerability_id |
VCID-4pb2-tqru-uufs |
| summary |
insufficient validation |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.5 |
| purl |
pkg:pypi/django@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-2n2n-1fq2-7bbs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 4 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 5 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 6 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 7 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 8 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 9 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 12 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 13 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 14 |
| vulnerability |
VCID-fsaw-3ta1-x3dw |
|
| 15 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 16 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 17 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 18 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 19 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 20 |
| vulnerability |
VCID-qgp1-4efd-6yg6 |
|
| 21 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 23 |
| vulnerability |
VCID-yuda-1mur-8bbq |
|
| 24 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.5 |
|
|
| aliases |
BIT-django-2021-35042, CVE-2021-35042, GHSA-xpfp-f569-q3p2, PYSEC-2021-109
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4pb2-tqru-uufs |
|
| 3 |
| url |
VCID-4tyd-97z5-z3ar |
| vulnerability_id |
VCID-4tyd-97z5-z3ar |
| summary |
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.16 |
| purl |
pkg:pypi/django@4.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ft7-rbey-kuhx |
|
| 1 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 2 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 3 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 4 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 5 |
| vulnerability |
VCID-9kvc-1bdz-n3bd |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 8 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 9 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 10 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 11 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 12 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 13 |
| vulnerability |
VCID-pa7y-gpwp-6qgj |
|
| 14 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 15 |
| vulnerability |
VCID-qy1a-x3ff-4bc8 |
|
| 16 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 17 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 18 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 19 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 20 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 21 |
| vulnerability |
VCID-ud73-4t2c-n3at |
|
| 22 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 23 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 24 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 25 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.1.1 |
| purl |
pkg:pypi/django@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ft7-rbey-kuhx |
|
| 1 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 2 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 3 |
| vulnerability |
VCID-9kvc-1bdz-n3bd |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 8 |
| vulnerability |
VCID-pa7y-gpwp-6qgj |
|
| 9 |
| vulnerability |
VCID-qw15-2kq7-wqed |
|
| 10 |
| vulnerability |
VCID-qy1a-x3ff-4bc8 |
|
| 11 |
| vulnerability |
VCID-ud73-4t2c-n3at |
|
| 12 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1 |
|
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4tyd-97z5-z3ar |
|
| 4 |
| url |
VCID-9mpt-zxaw-kkeg |
| vulnerability_id |
VCID-9mpt-zxaw-kkeg |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-2n2n-1fq2-7bbs |
|
| 2 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 5 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 6 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 7 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 8 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 9 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 10 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 13 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 14 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 15 |
| vulnerability |
VCID-fsaw-3ta1-x3dw |
|
| 16 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 17 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 18 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 19 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 20 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 21 |
| vulnerability |
VCID-qgp1-4efd-6yg6 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 24 |
| vulnerability |
VCID-yuda-1mur-8bbq |
|
| 25 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg |
|
| 5 |
| url |
VCID-bb8b-hq41-s7a6 |
| vulnerability_id |
VCID-bb8b-hq41-s7a6 |
| summary |
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.22 |
| purl |
pkg:pypi/django@4.2.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 2 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 3 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 4 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 7 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 8 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 9 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 10 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 11 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 12 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 13 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 14 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 15 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 16 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 17 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 18 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 19 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.2 |
| purl |
pkg:pypi/django@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 2 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 3 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 4 |
| vulnerability |
VCID-abpe-htm1-9ubp |
|
| 5 |
| vulnerability |
VCID-eqsc-axng-ckca |
|
| 6 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 9 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 10 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 11 |
| vulnerability |
VCID-m4am-h2ea-3ffr |
|
| 12 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 13 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 14 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 15 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 16 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 17 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 18 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 19 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 20 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 21 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2 |
|
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8b-hq41-s7a6 |
|
| 6 |
| url |
VCID-fhp8-tck4-mye4 |
| vulnerability_id |
VCID-fhp8-tck4-mye4 |
| summary |
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://pypi.org/project/Django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.org/project/Django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.0.14 |
| purl |
pkg:pypi/django@3.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 7 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 8 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 9 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 10 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.14 |
|
| 1 |
| url |
pkg:pypi/django@3.1.8 |
| purl |
pkg:pypi/django@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 7 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 8 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 9 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 10 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 11 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.8 |
|
|
| aliases |
BIT-django-2021-28658, CVE-2021-28658, GHSA-xgxc-v2qg-chmh, PYSEC-2021-6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fhp8-tck4-mye4 |
|
| 7 |
| url |
VCID-ga69-9y5g-77c3 |
| vulnerability_id |
VCID-ga69-9y5g-77c3 |
| summary |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.26 |
| purl |
pkg:pypi/django@4.2.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 2 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 3 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 4 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 5 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 6 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 7 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 8 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 9 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 10 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 11 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 12 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 13 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 14 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 2 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 3 |
| vulnerability |
VCID-abpe-htm1-9ubp |
|
| 4 |
| vulnerability |
VCID-eqsc-axng-ckca |
|
| 5 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 6 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 7 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 8 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 9 |
| vulnerability |
VCID-m4am-h2ea-3ffr |
|
| 10 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 11 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 12 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 13 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 14 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 15 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 16 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 17 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
BIT-django-2025-64458, CVE-2025-64458, GHSA-qw25-v68c-qjf3, PYSEC-2025-107
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ga69-9y5g-77c3 |
|
| 8 |
| url |
VCID-hh9b-52xn-z7a9 |
| vulnerability_id |
VCID-hh9b-52xn-z7a9 |
| summary |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
| reference_url |
https://usn.ubuntu.com/4479-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4479-1 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.0.10 |
| purl |
pkg:pypi/django@3.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 10 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 11 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 12 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 13 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10 |
|
| 1 |
| url |
pkg:pypi/django@3.1.1 |
| purl |
pkg:pypi/django@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 10 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 11 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 12 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 14 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1 |
|
|
| aliases |
BIT-django-2020-24584, CVE-2020-24584, GHSA-fr28-569j-53c4, PYSEC-2020-34
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hh9b-52xn-z7a9 |
|
| 9 |
| url |
VCID-j81e-su1y-tqa6 |
| vulnerability_id |
VCID-j81e-su1y-tqa6 |
| summary |
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.1.9 |
| purl |
pkg:pypi/django@3.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 7 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 8 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 9 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 10 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.9 |
|
| 1 |
| url |
pkg:pypi/django@3.2.1 |
| purl |
pkg:pypi/django@3.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-2n2n-1fq2-7bbs |
|
| 2 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 5 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 6 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 7 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 10 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 11 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 12 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 13 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 14 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 15 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 16 |
| vulnerability |
VCID-fsaw-3ta1-x3dw |
|
| 17 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 18 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 19 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 20 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 21 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 22 |
| vulnerability |
VCID-qgp1-4efd-6yg6 |
|
| 23 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 24 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 25 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 26 |
| vulnerability |
VCID-yuda-1mur-8bbq |
|
| 27 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
| 28 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.1 |
|
|
| aliases |
BIT-django-2021-31542, CVE-2021-31542, GHSA-rxjp-mfm9-w4wr, PYSEC-2021-7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j81e-su1y-tqa6 |
|
| 10 |
| url |
VCID-n9vn-4uxr-hkau |
| vulnerability_id |
VCID-n9vn-4uxr-hkau |
| summary |
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-v6rh-hp5x-86rv |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-v6rh-hp5x-86rv |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.10 |
| purl |
pkg:pypi/django@3.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-2n2n-1fq2-7bbs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 4 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 5 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 6 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 7 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 8 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 9 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 12 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 13 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 14 |
| vulnerability |
VCID-fsaw-3ta1-x3dw |
|
| 15 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 16 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 17 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 18 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 19 |
| vulnerability |
VCID-qgp1-4efd-6yg6 |
|
| 20 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 21 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 22 |
| vulnerability |
VCID-yuda-1mur-8bbq |
|
| 23 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10 |
|
|
| aliases |
BIT-django-2021-44420, CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau |
|
| 11 |
| url |
VCID-na9w-xkvx-cbhd |
| vulnerability_id |
VCID-na9w-xkvx-cbhd |
| summary |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://usn.ubuntu.com/4381-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-1 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4381-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4381-2 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.0.7 |
| purl |
pkg:pypi/django@3.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-hh9b-52xn-z7a9 |
|
| 8 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 9 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 10 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 11 |
| vulnerability |
VCID-qvfs-2v1h-p3h4 |
|
| 12 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 13 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 14 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 15 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7 |
|
|
| aliases |
BIT-django-2020-13254, CVE-2020-13254, GHSA-wpjr-j57x-wxfw, PYSEC-2020-31
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-na9w-xkvx-cbhd |
|
| 12 |
| url |
VCID-q8r2-m9s6-rbek |
| vulnerability_id |
VCID-q8r2-m9s6-rbek |
| summary |
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.0.12 |
| purl |
pkg:pypi/django@3.0.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 10 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 11 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 12 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.12 |
|
| 1 |
| url |
pkg:pypi/django@3.1.6 |
| purl |
pkg:pypi/django@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 10 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 11 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 12 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 13 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.6 |
|
|
| aliases |
BIT-django-2021-3281, CVE-2021-3281, GHSA-fvgf-6h6h-3322, PYSEC-2021-9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q8r2-m9s6-rbek |
|
| 13 |
| url |
VCID-qvfs-2v1h-p3h4 |
| vulnerability_id |
VCID-qvfs-2v1h-p3h4 |
| summary |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/4479-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4479-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.0.10 |
| purl |
pkg:pypi/django@3.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 10 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 11 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 12 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 13 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10 |
|
| 1 |
| url |
pkg:pypi/django@3.1.1 |
| purl |
pkg:pypi/django@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 10 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 11 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 12 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 14 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1 |
|
|
| aliases |
BIT-django-2020-24583, CVE-2020-24583, GHSA-m6gj-h9gm-gw44, PYSEC-2020-33
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qvfs-2v1h-p3h4 |
|
| 14 |
| url |
VCID-whgc-pt2s-77ar |
| vulnerability_id |
VCID-whgc-pt2s-77ar |
| summary |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.26 |
| purl |
pkg:pypi/django@4.2.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 2 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 3 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 4 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 5 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 6 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 7 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 8 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 9 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 10 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 11 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 12 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 13 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 14 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 2 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 3 |
| vulnerability |
VCID-abpe-htm1-9ubp |
|
| 4 |
| vulnerability |
VCID-eqsc-axng-ckca |
|
| 5 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 6 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 7 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 8 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 9 |
| vulnerability |
VCID-m4am-h2ea-3ffr |
|
| 10 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 11 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 12 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 13 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 14 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 15 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 16 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 17 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
BIT-django-2025-64459, CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar |
|
| 15 |
| url |
VCID-wnxx-rc7w-cke4 |
| vulnerability_id |
VCID-wnxx-rc7w-cke4 |
| summary |
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
When the attacker can separate query parameters using a semicolon (`;`), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.0.13 |
| purl |
pkg:pypi/django@3.0.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 10 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 11 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.13 |
|
| 1 |
| url |
pkg:pypi/django@3.1a1 |
| purl |
pkg:pypi/django@3.1a1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-qvfs-2v1h-p3h4 |
|
| 10 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 11 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 12 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1a1 |
|
| 2 |
| url |
pkg:pypi/django@3.1.7 |
| purl |
pkg:pypi/django@3.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 8 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 9 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 10 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 11 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 12 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.7 |
|
| 3 |
| url |
pkg:pypi/django@3.2a1 |
| purl |
pkg:pypi/django@3.2a1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-2n2n-1fq2-7bbs |
|
| 2 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 5 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 6 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 7 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 8 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 9 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 12 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 13 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 14 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 15 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
| 16 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2a1 |
|
|
| aliases |
CVE-2021-23336
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wnxx-rc7w-cke4 |
|
| 16 |
| url |
VCID-ynt9-h6ww-h7e9 |
| vulnerability_id |
VCID-ynt9-h6ww-h7e9 |
| summary |
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.24 |
| purl |
pkg:pypi/django@4.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 2 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 3 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 4 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 7 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 8 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 9 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 10 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 11 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 12 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 13 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 14 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 15 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 16 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 17 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 18 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.6 |
| purl |
pkg:pypi/django@5.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 2 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 3 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 4 |
| vulnerability |
VCID-abpe-htm1-9ubp |
|
| 5 |
| vulnerability |
VCID-eqsc-axng-ckca |
|
| 6 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 9 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 10 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 11 |
| vulnerability |
VCID-m4am-h2ea-3ffr |
|
| 12 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 13 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 14 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 15 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 16 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 17 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 18 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 19 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 20 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 21 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6 |
|
|
| aliases |
BIT-django-2025-57833, CVE-2025-57833, GHSA-6w2r-r2m5-xq5w, PYSEC-2025-105
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ynt9-h6ww-h7e9 |
|
| 17 |
| url |
VCID-z4x1-e7tp-rqhz |
| vulnerability_id |
VCID-z4x1-e7tp-rqhz |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-2n2n-1fq2-7bbs |
|
| 2 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 5 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 6 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 7 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 8 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 9 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 10 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 13 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 14 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 15 |
| vulnerability |
VCID-fsaw-3ta1-x3dw |
|
| 16 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 17 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 18 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 19 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 20 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 21 |
| vulnerability |
VCID-qgp1-4efd-6yg6 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 24 |
| vulnerability |
VCID-yuda-1mur-8bbq |
|
| 25 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33571, CVE-2021-33571, GHSA-p99v-5w3c-jqq9, PYSEC-2021-99
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z4x1-e7tp-rqhz |
|
|
|---|