Package Instance

reference_id

AVG-2808

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-23833
reference_id	CVE-2022-23833
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-23833

fixed_packages

url pkg:pypi/django@3.2.12

purl pkg:pypi/django@3.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12

url pkg:pypi/django@4.0.2

purl pkg:pypi/django@4.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2

aliases CVE-2022-23833, GHSA-6cw3-g6wv-c2xv, PYSEC-2022-20

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-51tx-4tp9-kbcz

url VCID-6jpg-yrf8-cufy

vulnerability_id VCID-6jpg-yrf8-cufy

summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-53qw-q765-4fww
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-53qw-q765-4fww

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277

reference_url	https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
reference_id
reference_type
scores
url	https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20

reference_url	https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220121-0005

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45115
reference_id	CVE-2021-45115
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45115

fixed_packages

url pkg:pypi/django@3.2.11

purl pkg:pypi/django@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11

url pkg:pypi/django@4.0.1

purl pkg:pypi/django@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1

aliases CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jpg-yrf8-cufy

url VCID-9end-mq19-rke5

vulnerability_id VCID-9end-mq19-rke5

summary Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-jrh2-hc4r-7jwx
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-jrh2-hc4r-7jwx

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1
reference_id
reference_type
scores
url	https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1

reference_url	https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b

reference_url	https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6
reference_id
reference_type
scores
url	https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220121-0005

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45452
reference_id	CVE-2021-45452
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45452

fixed_packages

url pkg:pypi/django@3.2.11

purl pkg:pypi/django@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11

url pkg:pypi/django@4.0.1

purl pkg:pypi/django@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1

aliases CVE-2021-45452, GHSA-jrh2-hc4r-7jwx, PYSEC-2022-3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9end-mq19-rke5

url VCID-9mpt-zxaw-kkeg

vulnerability_id VCID-9mpt-zxaw-kkeg

summary multiple issues

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

fixed_packages

url pkg:pypi/django@3.2.4

purl pkg:pypi/django@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4

aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg

url VCID-am3f-c5ex-8ff2

vulnerability_id VCID-am3f-c5ex-8ff2

summary An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

references

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f

reference_url	https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e

reference_url	https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://security.netapp.com/advisory/ntap-20231214-0001
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231214-0001

reference_url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-46695
reference_id	CVE-2023-46695
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-46695

reference_url	https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
reference_id	GHSA-qmf9-6jqf-j8fq
reference_type
scores
url	https://github.com/advisories/GHSA-qmf9-6jqf-j8fq

fixed_packages

url pkg:pypi/django@3.2.23

purl pkg:pypi/django@3.2.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-yuda-1mur-8bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.23

url	pkg:pypi/django@4.1.13
purl	pkg:pypi/django@4.1.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13

url pkg:pypi/django@4.2.7

purl pkg:pypi/django@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ft7-rbey-kuhx

vulnerability	VCID-4kcg-gx5y-cuaw

vulnerability	VCID-5xtt-au84-zbb2

vulnerability	VCID-7c5n-nzwk-v7bz

vulnerability	VCID-9gq3-whr8-s7b8

vulnerability	VCID-9kvc-1bdz-n3bd

vulnerability	VCID-bb8b-hq41-s7a6

vulnerability	VCID-e12b-tw2c-53c9

vulnerability	VCID-e8j6-mybr-17fh

vulnerability	VCID-fcg9-xypn-ykhf

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-ga69-9y5g-77c3

vulnerability	VCID-ga7z-wj4j-63h1

vulnerability	VCID-hsjn-xnpp-5yeh

vulnerability	VCID-jgv9-vdbm-sycd

vulnerability	VCID-jybd-p65h-xffy

vulnerability	VCID-kxdd-yzp3-r7cb

vulnerability	VCID-pa7y-gpwp-6qgj

vulnerability	VCID-phkp-9abp-f3dq

vulnerability	VCID-qy1a-x3ff-4bc8

vulnerability	VCID-r1vx-vv7d-gqaj

vulnerability	VCID-rqqc-ta7c-ykgx

vulnerability	VCID-s1rj-1xbw-fbg5

vulnerability	VCID-shch-yusm-1uck

vulnerability	VCID-shjc-2j68-2yfy

vulnerability	VCID-tktt-vg92-6kae

vulnerability	VCID-tuqc-c251-h7ds

vulnerability	VCID-ud73-4t2c-n3at

vulnerability	VCID-vgq9-s6th-yufg

vulnerability	VCID-wa3g-27sx-mbcw

vulnerability	VCID-whgc-pt2s-77ar

vulnerability	VCID-xcmd-18ck-gqae

vulnerability	VCID-ynt9-h6ww-h7e9

vulnerability	VCID-yuda-1mur-8bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7

aliases CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am3f-c5ex-8ff2

url VCID-attf-6gj8-ebaj

vulnerability_id VCID-attf-6gj8-ebaj

summary

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-95rw-fx8r-36v6
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-95rw-fx8r-36v6

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5

reference_url	https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
reference_id
reference_type
scores
url	https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2

reference_url	https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220221-0003
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220221-0003

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/feb/01/security-releases/

reference_url

reference_id

AVG-2808

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-22818
reference_id	CVE-2022-22818
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-22818

fixed_packages

url pkg:pypi/django@3.2.12

purl pkg:pypi/django@3.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12

url pkg:pypi/django@4.0.2

purl pkg:pypi/django@4.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2

aliases CVE-2022-22818, GHSA-95rw-fx8r-36v6, PYSEC-2022-19

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-attf-6gj8-ebaj

url VCID-au8h-vj9k-pufv

vulnerability_id VCID-au8h-vj9k-pufv

summary In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

references

reference_url	https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.1/releases/security

reference_url	https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.1/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
reference_id
reference_type
scores
url	https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95

reference_url	https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942

reference_url	https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://security.netapp.com/advisory/ntap-20230302-0007
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230302-0007

reference_url	https://www.djangoproject.com/weblog/2023/feb/01/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/feb/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/feb/01/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-23969
reference_id	CVE-2023-23969
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-23969

reference_url	https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
reference_id	GHSA-q2jf-h9jm-m7p4
reference_type
scores
url	https://github.com/advisories/GHSA-q2jf-h9jm-m7p4

fixed_packages

url pkg:pypi/django@3.2.17

purl pkg:pypi/django@3.2.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.17

url pkg:pypi/django@4.0.9

purl pkg:pypi/django@4.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.9

url pkg:pypi/django@4.1.6

purl pkg:pypi/django@4.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.6

aliases CVE-2023-23969, GHSA-q2jf-h9jm-m7p4, PYSEC-2023-12

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-au8h-vj9k-pufv

url VCID-drwp-htkk-bkfh

vulnerability_id VCID-drwp-htkk-bkfh

summary sql injection

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-w24h-v9qh-8gxj
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-w24h-v9qh-8gxj

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
reference_id
reference_type
scores
url	https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402

reference_url	https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5

reference_url	https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81

reference_url	https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/04/11/1

reference_url	https://security.archlinux.org/ASA-202204-9
reference_id	ASA-202204-9
reference_type
scores
url	https://security.archlinux.org/ASA-202204-9

reference_url

reference_id

AVG-2667

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2809

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-28347
reference_id	CVE-2022-28347
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-28347

fixed_packages

url pkg:pypi/django@3.2.13

purl pkg:pypi/django@3.2.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13

url pkg:pypi/django@4.0.4

purl pkg:pypi/django@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4

aliases CVE-2022-28347, GHSA-w24h-v9qh-8gxj, PYSEC-2022-191

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drwp-htkk-bkfh

url VCID-f4a7-tcz5-byfj

vulnerability_id VCID-f4a7-tcz5-byfj

summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

references

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
url	https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582

reference_url	https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
url	https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd

reference_url	https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9

reference_url	https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5465

reference_url	https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/jul/03/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/jul/03/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id	CVE-2023-36053
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-36053

reference_url	https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id	GHSA-jh3w-4vvf-mjgr
reference_type
scores
url	https://github.com/advisories/GHSA-jh3w-4vvf-mjgr

fixed_packages

url pkg:pypi/django@3.2.20

purl pkg:pypi/django@3.2.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.20

url pkg:pypi/django@4.1.10

purl pkg:pypi/django@4.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10

url pkg:pypi/django@4.2.3

purl pkg:pypi/django@4.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ft7-rbey-kuhx

vulnerability	VCID-4kcg-gx5y-cuaw

vulnerability	VCID-5xtt-au84-zbb2

vulnerability	VCID-7c5n-nzwk-v7bz

vulnerability	VCID-9gq3-whr8-s7b8

vulnerability	VCID-9kvc-1bdz-n3bd

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-bb8b-hq41-s7a6

vulnerability	VCID-e12b-tw2c-53c9

vulnerability	VCID-e8j6-mybr-17fh

vulnerability	VCID-fcg9-xypn-ykhf

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-ga69-9y5g-77c3

vulnerability	VCID-ga7z-wj4j-63h1

vulnerability	VCID-hsjn-xnpp-5yeh

vulnerability	VCID-jgv9-vdbm-sycd

vulnerability	VCID-jybd-p65h-xffy

vulnerability	VCID-kxdd-yzp3-r7cb

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-pa7y-gpwp-6qgj

vulnerability	VCID-phkp-9abp-f3dq

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-qy1a-x3ff-4bc8

vulnerability	VCID-r1vx-vv7d-gqaj

vulnerability	VCID-rqqc-ta7c-ykgx

vulnerability	VCID-s1rj-1xbw-fbg5

vulnerability	VCID-shch-yusm-1uck

vulnerability	VCID-shjc-2j68-2yfy

vulnerability	VCID-tktt-vg92-6kae

vulnerability	VCID-tuqc-c251-h7ds

vulnerability	VCID-ud73-4t2c-n3at

vulnerability	VCID-vgq9-s6th-yufg

vulnerability	VCID-wa3g-27sx-mbcw

vulnerability	VCID-whgc-pt2s-77ar

vulnerability	VCID-xcmd-18ck-gqae

vulnerability	VCID-ynt9-h6ww-h7e9

vulnerability	VCID-yuda-1mur-8bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3

aliases CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4a7-tcz5-byfj

url VCID-fksk-pr23-2yd8

vulnerability_id VCID-fksk-pr23-2yd8

summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-8c5j-9r9f-c6w8
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-8c5j-9r9f-c6w8

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489

reference_url	https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16

reference_url	https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220121-0005

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45116
reference_id	CVE-2021-45116
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45116

fixed_packages

url pkg:pypi/django@3.2.11

purl pkg:pypi/django@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11

url pkg:pypi/django@4.0.1

purl pkg:pypi/django@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1

aliases CVE-2021-45116, GHSA-8c5j-9r9f-c6w8, PYSEC-2022-2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fksk-pr23-2yd8

url VCID-fsaw-3ta1-x3dw

vulnerability_id VCID-fsaw-3ta1-x3dw

summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

references

reference_url	https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security

reference_url	https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url	https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521

reference_url	https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e

reference_url	https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/mar/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id	CVE-2024-27351
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-27351

reference_url	https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id	GHSA-vm8q-m57g-pff3
reference_type
scores
url	https://github.com/advisories/GHSA-vm8q-m57g-pff3

fixed_packages

url	pkg:pypi/django@3.2.25
purl	pkg:pypi/django@3.2.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25

url pkg:pypi/django@4.2.11

purl pkg:pypi/django@4.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ft7-rbey-kuhx

vulnerability	VCID-4kcg-gx5y-cuaw

vulnerability	VCID-5xtt-au84-zbb2

vulnerability	VCID-7c5n-nzwk-v7bz

vulnerability	VCID-9gq3-whr8-s7b8

vulnerability	VCID-9kvc-1bdz-n3bd

vulnerability	VCID-bb8b-hq41-s7a6

vulnerability	VCID-e12b-tw2c-53c9

vulnerability	VCID-e8j6-mybr-17fh

vulnerability	VCID-fcg9-xypn-ykhf

vulnerability	VCID-ga69-9y5g-77c3

vulnerability	VCID-ga7z-wj4j-63h1

vulnerability	VCID-hsjn-xnpp-5yeh

vulnerability	VCID-jgv9-vdbm-sycd

vulnerability	VCID-jybd-p65h-xffy

vulnerability	VCID-kxdd-yzp3-r7cb

vulnerability	VCID-pa7y-gpwp-6qgj

vulnerability	VCID-phkp-9abp-f3dq

vulnerability	VCID-qy1a-x3ff-4bc8

vulnerability	VCID-r1vx-vv7d-gqaj

vulnerability	VCID-rqqc-ta7c-ykgx

vulnerability	VCID-s1rj-1xbw-fbg5

vulnerability	VCID-shch-yusm-1uck

vulnerability	VCID-shjc-2j68-2yfy

vulnerability	VCID-tktt-vg92-6kae

vulnerability	VCID-tuqc-c251-h7ds

vulnerability	VCID-ud73-4t2c-n3at

vulnerability	VCID-vgq9-s6th-yufg

vulnerability	VCID-wa3g-27sx-mbcw

vulnerability	VCID-whgc-pt2s-77ar

vulnerability	VCID-xcmd-18ck-gqae

vulnerability	VCID-ynt9-h6ww-h7e9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11

url pkg:pypi/django@5.0.3

purl pkg:pypi/django@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ft7-rbey-kuhx

vulnerability	VCID-9gq3-whr8-s7b8

vulnerability	VCID-e12b-tw2c-53c9

vulnerability	VCID-e8j6-mybr-17fh

vulnerability	VCID-hsjn-xnpp-5yeh

vulnerability	VCID-jgv9-vdbm-sycd

vulnerability	VCID-pa7y-gpwp-6qgj

vulnerability	VCID-qw15-2kq7-wqed

vulnerability	VCID-qy1a-x3ff-4bc8

vulnerability	VCID-rqqc-ta7c-ykgx

vulnerability	VCID-s1rj-1xbw-fbg5

vulnerability	VCID-ud73-4t2c-n3at

vulnerability	VCID-vgq9-s6th-yufg

vulnerability	VCID-xcmd-18ck-gqae

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3

aliases CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw

url VCID-m1dr-sjmw-jfd2

vulnerability_id VCID-m1dr-sjmw-jfd2

summary

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
reference_id
reference_type
scores
url	https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/oct/04/security-releases/

reference_url

reference_id

AVG-2809

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2809

fixed_packages

url pkg:pypi/django@3.2.16

purl pkg:pypi/django@3.2.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.16

url pkg:pypi/django@4.0.8

purl pkg:pypi/django@4.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.8

url pkg:pypi/django@4.1.2

purl pkg:pypi/django@4.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.2

aliases CVE-2022-41323, PYSEC-2022-304

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1dr-sjmw-jfd2

url VCID-m33h-4p9q-63fb

vulnerability_id VCID-m33h-4p9q-63fb

summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.

references

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
url	https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473

reference_url	https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8

reference_url	https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
url	https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231221-0001

reference_url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id	CVE-2023-43665
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-43665

reference_url	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id	GHSA-h8gc-pgj2-vjm3
reference_type
scores
url	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3

fixed_packages

url pkg:pypi/django@3.2.22

purl pkg:pypi/django@3.2.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-yuda-1mur-8bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.22

url pkg:pypi/django@4.1.12

purl pkg:pypi/django@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-am3f-c5ex-8ff2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12

url pkg:pypi/django@4.2.6

purl pkg:pypi/django@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ft7-rbey-kuhx

vulnerability	VCID-4kcg-gx5y-cuaw

vulnerability	VCID-5xtt-au84-zbb2

vulnerability	VCID-7c5n-nzwk-v7bz

vulnerability	VCID-9gq3-whr8-s7b8

vulnerability	VCID-9kvc-1bdz-n3bd

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-bb8b-hq41-s7a6

vulnerability	VCID-e12b-tw2c-53c9

vulnerability	VCID-e8j6-mybr-17fh

vulnerability	VCID-fcg9-xypn-ykhf

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-ga69-9y5g-77c3

vulnerability	VCID-ga7z-wj4j-63h1

vulnerability	VCID-hsjn-xnpp-5yeh

vulnerability	VCID-jgv9-vdbm-sycd

vulnerability	VCID-jybd-p65h-xffy

vulnerability	VCID-kxdd-yzp3-r7cb

vulnerability	VCID-pa7y-gpwp-6qgj

vulnerability	VCID-phkp-9abp-f3dq

vulnerability	VCID-qy1a-x3ff-4bc8

vulnerability	VCID-r1vx-vv7d-gqaj

vulnerability	VCID-rqqc-ta7c-ykgx

vulnerability	VCID-s1rj-1xbw-fbg5

vulnerability	VCID-shch-yusm-1uck

vulnerability	VCID-shjc-2j68-2yfy

vulnerability	VCID-tktt-vg92-6kae

vulnerability	VCID-tuqc-c251-h7ds

vulnerability	VCID-ud73-4t2c-n3at

vulnerability	VCID-vgq9-s6th-yufg

vulnerability	VCID-wa3g-27sx-mbcw

vulnerability	VCID-whgc-pt2s-77ar

vulnerability	VCID-xcmd-18ck-gqae

vulnerability	VCID-ynt9-h6ww-h7e9

vulnerability	VCID-yuda-1mur-8bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6

aliases CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m33h-4p9q-63fb

url VCID-n9vn-4uxr-hkau

vulnerability_id VCID-n9vn-4uxr-hkau

summary In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-v6rh-hp5x-86rv
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-v6rh-hp5x-86rv

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20211229-0006
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20211229-0006

reference_url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases

reference_url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases/

reference_url	https://www.openwall.com/lists/oss-security/2021/12/07/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2021/12/07/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44420
reference_id	CVE-2021-44420
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44420

fixed_packages

url pkg:pypi/django@3.2.10

purl pkg:pypi/django@3.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10

aliases CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau

url VCID-nss9-1yrb-x7f2

vulnerability_id VCID-nss9-1yrb-x7f2

summary sql injection

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-2gwj-7jmv-h26r
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-2gwj-7jmv-h26r

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48

reference_url	https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d

reference_url	https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60
reference_id
reference_type
scores
url	https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60

reference_url	https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
reference_id
reference_type
scores
url	https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url	https://security.netapp.com/advisory/ntap-20220609-0002
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220609-0002

reference_url	https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
url	https://www.debian.org/security/2022/dsa-5254

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/04/11/1

reference_url	https://security.archlinux.org/ASA-202204-9
reference_id	ASA-202204-9
reference_type
scores
url	https://security.archlinux.org/ASA-202204-9

reference_url

reference_id

AVG-2667

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-28346
reference_id	CVE-2022-28346
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-28346

fixed_packages

url pkg:pypi/django@3.2.13

purl pkg:pypi/django@3.2.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13

url pkg:pypi/django@4.0.4

purl pkg:pypi/django@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4

aliases CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nss9-1yrb-x7f2

url VCID-qgp1-4efd-6yg6

vulnerability_id VCID-qgp1-4efd-6yg6

summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

references

reference_url	https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e

reference_url	https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9

reference_url	https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
url	https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231214-0002

reference_url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id	CVE-2023-41164
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-41164

reference_url	https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id	GHSA-7h4p-27mh-hmrw
reference_type
scores
url	https://github.com/advisories/GHSA-7h4p-27mh-hmrw

fixed_packages

url pkg:pypi/django@3.2.21

purl pkg:pypi/django@3.2.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-yuda-1mur-8bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.21

url pkg:pypi/django@4.1.11

purl pkg:pypi/django@4.1.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-m33h-4p9q-63fb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11

url pkg:pypi/django@4.2.5

purl pkg:pypi/django@4.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ft7-rbey-kuhx

vulnerability	VCID-4kcg-gx5y-cuaw

vulnerability	VCID-5xtt-au84-zbb2

vulnerability	VCID-7c5n-nzwk-v7bz

vulnerability	VCID-9gq3-whr8-s7b8

vulnerability	VCID-9kvc-1bdz-n3bd

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-bb8b-hq41-s7a6

vulnerability	VCID-e12b-tw2c-53c9

vulnerability	VCID-e8j6-mybr-17fh

vulnerability	VCID-fcg9-xypn-ykhf

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-ga69-9y5g-77c3

vulnerability	VCID-ga7z-wj4j-63h1

vulnerability	VCID-hsjn-xnpp-5yeh

vulnerability	VCID-jgv9-vdbm-sycd

vulnerability	VCID-jybd-p65h-xffy

vulnerability	VCID-kxdd-yzp3-r7cb

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-pa7y-gpwp-6qgj

vulnerability	VCID-phkp-9abp-f3dq

vulnerability	VCID-qy1a-x3ff-4bc8

vulnerability	VCID-r1vx-vv7d-gqaj

vulnerability	VCID-rqqc-ta7c-ykgx

vulnerability	VCID-s1rj-1xbw-fbg5

vulnerability	VCID-shch-yusm-1uck

vulnerability	VCID-shjc-2j68-2yfy

vulnerability	VCID-tktt-vg92-6kae

vulnerability	VCID-tuqc-c251-h7ds

vulnerability	VCID-ud73-4t2c-n3at

vulnerability	VCID-vgq9-s6th-yufg

vulnerability	VCID-wa3g-27sx-mbcw

vulnerability	VCID-whgc-pt2s-77ar

vulnerability	VCID-xcmd-18ck-gqae

vulnerability	VCID-ynt9-h6ww-h7e9

vulnerability	VCID-yuda-1mur-8bbq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5

aliases CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgp1-4efd-6yg6

url VCID-u9q1-63gf-7feh

vulnerability_id VCID-u9q1-63gf-7feh

summary In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-qm57-vhq3-3fwf
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-qm57-vhq3-3fwf

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/

reference_url	https://www.djangoproject.com/weblog/2021/may/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/may/06/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2021/05/06/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/06/1

fixed_packages

url pkg:pypi/django@3.2.2

purl pkg:pypi/django@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z4x1-e7tp-rqhz

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.2

aliases CVE-2021-32052, GHSA-qm57-vhq3-3fwf, PYSEC-2021-8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9q1-63gf-7feh

url VCID-yuda-1mur-8bbq

vulnerability_id VCID-yuda-1mur-8bbq

summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

references

reference_url	https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security

reference_url	https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/5.0/releases/security/

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
url	https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc

reference_url	https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9

reference_url	https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
url	https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2

reference_url	https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml

reference_url	https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url	https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/feb/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2024/feb/06/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id	CVE-2024-24680
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-24680

reference_url	https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
reference_id	GHSA-xxj9-f6rv-m3x4
reference_type
scores
url	https://github.com/advisories/GHSA-xxj9-f6rv-m3x4

fixed_packages

url pkg:pypi/django@3.2.24

purl pkg:pypi/django@3.2.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fsaw-3ta1-x3dw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24

url pkg:pypi/django@4.2.10

purl pkg:pypi/django@4.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ft7-rbey-kuhx

vulnerability	VCID-4kcg-gx5y-cuaw

vulnerability	VCID-5xtt-au84-zbb2

vulnerability	VCID-7c5n-nzwk-v7bz

vulnerability	VCID-9gq3-whr8-s7b8

vulnerability	VCID-9kvc-1bdz-n3bd

vulnerability	VCID-bb8b-hq41-s7a6

vulnerability	VCID-e12b-tw2c-53c9

vulnerability	VCID-e8j6-mybr-17fh

vulnerability	VCID-fcg9-xypn-ykhf

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-ga69-9y5g-77c3

vulnerability	VCID-ga7z-wj4j-63h1

vulnerability	VCID-hsjn-xnpp-5yeh

vulnerability	VCID-jgv9-vdbm-sycd

vulnerability	VCID-jybd-p65h-xffy

vulnerability	VCID-kxdd-yzp3-r7cb

vulnerability	VCID-pa7y-gpwp-6qgj

vulnerability	VCID-phkp-9abp-f3dq

vulnerability	VCID-qy1a-x3ff-4bc8

vulnerability	VCID-r1vx-vv7d-gqaj

vulnerability	VCID-rqqc-ta7c-ykgx

vulnerability	VCID-s1rj-1xbw-fbg5

vulnerability	VCID-shch-yusm-1uck

vulnerability	VCID-shjc-2j68-2yfy

vulnerability	VCID-tktt-vg92-6kae

vulnerability	VCID-tuqc-c251-h7ds

vulnerability	VCID-ud73-4t2c-n3at

vulnerability	VCID-vgq9-s6th-yufg

vulnerability	VCID-wa3g-27sx-mbcw

vulnerability	VCID-whgc-pt2s-77ar

vulnerability	VCID-xcmd-18ck-gqae

vulnerability	VCID-ynt9-h6ww-h7e9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10

url pkg:pypi/django@5.0.2

purl pkg:pypi/django@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ft7-rbey-kuhx

vulnerability	VCID-9gq3-whr8-s7b8

vulnerability	VCID-e12b-tw2c-53c9

vulnerability	VCID-e8j6-mybr-17fh

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-hsjn-xnpp-5yeh

vulnerability	VCID-jgv9-vdbm-sycd

vulnerability	VCID-pa7y-gpwp-6qgj

vulnerability	VCID-qw15-2kq7-wqed

vulnerability	VCID-qy1a-x3ff-4bc8

vulnerability	VCID-rqqc-ta7c-ykgx

vulnerability	VCID-s1rj-1xbw-fbg5

vulnerability	VCID-ud73-4t2c-n3at

vulnerability	VCID-vgq9-s6th-yufg

vulnerability	VCID-xcmd-18ck-gqae

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2

aliases CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq

url VCID-z4x1-e7tp-rqhz

vulnerability_id VCID-z4x1-e7tp-rqhz

summary multiple issues

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-p99v-5w3c-jqq9
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-p99v-5w3c-jqq9

reference_url	https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo
reference_id
reference_type
scores
url	https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url