Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@2.2a1

Type pypi

Namespace

Name django

Version 2.2a1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.2.28

Latest_non_vulnerable_version 6.0.5

Affected_by_vulnerabilities

url VCID-6jpg-yrf8-cufy

vulnerability_id VCID-6jpg-yrf8-cufy

summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

references

reference_url	https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url	https://github.com/advisories/GHSA-53qw-q765-4fww
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-53qw-q765-4fww

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277

reference_url	https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
reference_id
reference_type
scores
url	https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20

reference_url	https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220121-0005

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45115
reference_id	CVE-2021-45115
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45115

fixed_packages

url pkg:pypi/django@2.2.26

purl pkg:pypi/django@2.2.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26

url pkg:pypi/django@3.2.11

purl pkg:pypi/django@3.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11

url pkg:pypi/django@4.0.1

purl pkg:pypi/django@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1

aliases CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jpg-yrf8-cufy

url VCID-84eq-cq89-9qhm

vulnerability_id VCID-84eq-cq89-9qhm

summary

Modification of Assumed-Immutable Data (MAID)
Prototype pollution attack through jQuery $.extend

references

reference_url	https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHBA-2019:1570

reference_url	https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1456

reference_url	https://access.redhat.com/errata/RHSA-2019:2587
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2587

reference_url	https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3023

reference_url	https://access.redhat.com/errata/RHSA-2019:3024
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3024

reference_url	https://backdropcms.org/security/backdrop-sa-core-2019-009
reference_id
reference_type
scores
url	https://backdropcms.org/security/backdrop-sa-core-2019-009

reference_url	https://blog.jquery.com/2019/04/10/jquery-3-4-0-released
reference_id
reference_type
scores
url	https://blog.jquery.com/2019/04/10/jquery-3-4-0-released

reference_url	https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
reference_id
reference_type
scores
url	https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

reference_url	https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f

reference_url	https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829
reference_id
reference_type
scores
url	https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829

reference_url	https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad
reference_id
reference_type
scores
url	https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad

reference_url	https://github.com/jquery/jquery
reference_id
reference_type
scores
url	https://github.com/jquery/jquery

reference_url	https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
reference_id
reference_type
scores
url	https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

reference_url	https://github.com/jquery/jquery/pull/4333
reference_id
reference_type
scores
url	https://github.com/jquery/jquery/pull/4333

reference_url	https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc
reference_id
reference_type
scores
url	https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc

reference_url	https://github.com/maximebf/php-debugbar/issues/447
reference_id
reference_type
scores
url	https://github.com/maximebf/php-debugbar/issues/447

reference_url	https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434
reference_id
reference_type
scores
url	https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434

reference_url

https://hackerone.com/reports/454365

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements

url

https://hackerone.com/reports/454365

reference_url	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
reference_id
reference_type
scores
url	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

reference_url	https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

reference_url	https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E

reference_url	https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E

reference_url	https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E

reference_url	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

reference_url	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html

reference_url	https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html

reference_url	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5

reference_url	https://seclists.org/bugtraq/2019/Apr/32
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Apr/32

reference_url	https://seclists.org/bugtraq/2019/Jun/12
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Jun/12

reference_url	https://seclists.org/bugtraq/2019/May/18
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/May/18

reference_url	https://security.netapp.com/advisory/ntap-20190919-0001
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190919-0001

reference_url	https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226
reference_id
reference_type
scores
url	https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226

reference_url	https://snyk.io/vuln/SNYK-JS-JQUERY-174006
reference_id
reference_type
scores
url	https://snyk.io/vuln/SNYK-JS-JQUERY-174006

reference_url	https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
reference_id
reference_type
scores
url	https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1

reference_url	https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023
reference_id
reference_type
scores
url	https://web.archive.org/web/20190824065237/http://www.securityfocus.com/bid/108023

reference_url	https://www.debian.org/security/2019/dsa-4434
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4434

reference_url	https://www.debian.org/security/2019/dsa-4460
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4460

reference_url	https://www.djangoproject.com/weblog/2019/jun/03/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/jun/03/security-releases

reference_url	https://www.drupal.org/sa-core-2019-006
reference_id
reference_type
scores
url	https://www.drupal.org/sa-core-2019-006

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2020.html

reference_url	https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2021.html

reference_url	https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2022.html

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url	https://www.oracle.com//security-alerts/cpujul2021.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery
reference_id
reference_type
scores
url	https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery

reference_url	https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
url	https://www.synology.com/security/advisory/Synology_SA_19_19

reference_url	https://www.tenable.com/security/tns-2019-08
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2019-08

reference_url	https://www.tenable.com/security/tns-2020-02
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2020-02

100

reference_url	http://www.securityfocus.com/bid/108023
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/108023

101

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json

reference_id

496

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json

102

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-11358
reference_id	CVE-2019-11358
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-11358

103

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml
reference_id	CVE-2019-11358.YML
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml

104

reference_url	https://github.com/advisories/GHSA-6c3j-c64m-qhgq
reference_id	GHSA-6c3j-c64m-qhgq
reference_type
scores
url	https://github.com/advisories/GHSA-6c3j-c64m-qhgq

fixed_packages

url pkg:pypi/django@2.2.2

purl pkg:pypi/django@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mfy-uj9u-d7de

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-c3m7-fu62-2qd9

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-g44a-m54u-97cr

vulnerability	VCID-gfar-wbzc-3ubr

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-pgtx-cdua-kfb4

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-yreb-z7nz-jkbs

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2

aliases CVE-2019-11358, GHSA-6c3j-c64m-qhgq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84eq-cq89-9qhm

url VCID-9mpt-zxaw-kkeg

vulnerability_id VCID-9mpt-zxaw-kkeg

summary multiple issues

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

https://security.archlinux.org/AVG-2026

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2026

fixed_packages

url pkg:pypi/django@2.2.24

purl pkg:pypi/django@2.2.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24

url pkg:pypi/django@3.1.12

purl pkg:pypi/django@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-n9vn-4uxr-hkau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12

url pkg:pypi/django@3.2.4

purl pkg:pypi/django@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4

aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg

url VCID-kbab-v2gz-dfe6

vulnerability_id VCID-kbab-v2gz-dfe6

summary An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

reference_url	https://docs.djangoproject.com/en/dev/releases/1.11.21
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/1.11.21

reference_url	https://docs.djangoproject.com/en/dev/releases/1.11.21/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/1.11.21/

reference_url	https://docs.djangoproject.com/en/dev/releases/2.1.9
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/2.1.9

reference_url	https://docs.djangoproject.com/en/dev/releases/2.1.9/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/2.1.9/

reference_url	https://docs.djangoproject.com/en/dev/releases/2.2.2
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/2.2.2

reference_url	https://docs.djangoproject.com/en/dev/releases/2.2.2/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/2.2.2/

reference_url	https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-7rp2-fm2h-wchj
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-7rp2-fm2h-wchj

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
reference_id
reference_type
scores
url	https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62

reference_url	https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
reference_id
reference_type
scores
url	https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673

reference_url	https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml

reference_url	https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8

reference_url	https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/

reference_url	https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Jul/10

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4043-1

reference_url	https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4043-1/

reference_url	https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4476

reference_url	https://www.djangoproject.com/weblog/2019/jun/03/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/jun/03/security-releases

reference_url	https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/jun/03/security-releases/

reference_url	http://www.openwall.com/lists/oss-security/2019/06/03/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/06/03/2

reference_url	http://www.securityfocus.com/bid/108559
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/108559

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-12308
reference_id	CVE-2019-12308
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-12308

fixed_packages

url pkg:pypi/django@2.2.2

purl pkg:pypi/django@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mfy-uj9u-d7de

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-c3m7-fu62-2qd9

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-g44a-m54u-97cr

vulnerability	VCID-gfar-wbzc-3ubr

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-pgtx-cdua-kfb4

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-yreb-z7nz-jkbs

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2

aliases CVE-2019-12308, GHSA-7rp2-fm2h-wchj, PYSEC-2019-79

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kbab-v2gz-dfe6

url VCID-n9vn-4uxr-hkau

vulnerability_id VCID-n9vn-4uxr-hkau

summary In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-v6rh-hp5x-86rv
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-v6rh-hp5x-86rv

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url	https://security.netapp.com/advisory/ntap-20211229-0006
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20211229-0006

reference_url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases

reference_url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/dec/07/security-releases/

reference_url	https://www.openwall.com/lists/oss-security/2021/12/07/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2021/12/07/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44420
reference_id	CVE-2021-44420
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44420

fixed_packages

url pkg:pypi/django@2.2.25

purl pkg:pypi/django@2.2.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.25

url	pkg:pypi/django@3.1.14
purl	pkg:pypi/django@3.1.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.14

url pkg:pypi/django@3.2.10

purl pkg:pypi/django@3.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10

aliases CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2a1

Package Instance