Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@4.0.8
Type pypi
Namespace
Name django
Version 4.0.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.1.13
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-4z4e-8ttu-tyd6
vulnerability_id VCID-4z4e-8ttu-tyd6
summary An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
references
0
reference_url https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security
1
reference_url https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
reference_id
reference_type
scores
url https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
4
reference_url https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
reference_id
reference_type
scores
url https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
5
reference_url https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
reference_id
reference_type
scores
url https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
20
reference_url https://security.netapp.com/advisory/ntap-20230316-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230316-0006
21
reference_url https://www.djangoproject.com/weblog/2023/feb/14/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/14/security-releases
22
reference_url https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
23
reference_url http://www.openwall.com/lists/oss-security/2023/02/14/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/02/14/1
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24580
reference_id CVE-2023-24580
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-24580
25
reference_url https://github.com/advisories/GHSA-2hrw-hx67-34x6
reference_id GHSA-2hrw-hx67-34x6
reference_type
scores
url https://github.com/advisories/GHSA-2hrw-hx67-34x6
fixed_packages
0
url pkg:pypi/django@4.0.10
purl pkg:pypi/django@4.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f4a7-tcz5-byfj
1
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.10
1
url pkg:pypi/django@4.1.7
purl pkg:pypi/django@4.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-f4a7-tcz5-byfj
2
vulnerability VCID-m33h-4p9q-63fb
3
vulnerability VCID-qgp1-4efd-6yg6
4
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.7
aliases CVE-2023-24580, GHSA-2hrw-hx67-34x6, PYSEC-2023-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4z4e-8ttu-tyd6
1
url VCID-au8h-vj9k-pufv
vulnerability_id VCID-au8h-vj9k-pufv
summary In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
references
0
reference_url https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security
1
reference_url https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.1/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
reference_id
reference_type
scores
url https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
4
reference_url https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
reference_id
reference_type
scores
url https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
5
reference_url https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
reference_id
reference_type
scores
url https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
7
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
8
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
11
reference_url https://security.netapp.com/advisory/ntap-20230302-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230302-0007
12
reference_url https://www.djangoproject.com/weblog/2023/feb/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/01/security-releases
13
reference_url https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23969
reference_id CVE-2023-23969
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-23969
15
reference_url https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
reference_id GHSA-q2jf-h9jm-m7p4
reference_type
scores
url https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
fixed_packages
0
url pkg:pypi/django@4.0.9
purl pkg:pypi/django@4.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z4e-8ttu-tyd6
1
vulnerability VCID-f4a7-tcz5-byfj
2
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.9
1
url pkg:pypi/django@4.1.6
purl pkg:pypi/django@4.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z4e-8ttu-tyd6
1
vulnerability VCID-am3f-c5ex-8ff2
2
vulnerability VCID-f4a7-tcz5-byfj
3
vulnerability VCID-m33h-4p9q-63fb
4
vulnerability VCID-qgp1-4efd-6yg6
5
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.6
aliases CVE-2023-23969, GHSA-q2jf-h9jm-m7p4, PYSEC-2023-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-au8h-vj9k-pufv
2
url VCID-f4a7-tcz5-byfj
vulnerability_id VCID-f4a7-tcz5-byfj
summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
references
0
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
4
reference_url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
5
reference_url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
6
reference_url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
17
reference_url https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5465
18
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
19
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id CVE-2023-36053
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
21
reference_url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id GHSA-jh3w-4vvf-mjgr
reference_type
scores
url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
fixed_packages
0
url pkg:pypi/django@4.1.10
purl pkg:pypi/django@4.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-m33h-4p9q-63fb
2
vulnerability VCID-qgp1-4efd-6yg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10
1
url pkg:pypi/django@4.2.3
purl pkg:pypi/django@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-am3f-c5ex-8ff2
7
vulnerability VCID-bb8b-hq41-s7a6
8
vulnerability VCID-e12b-tw2c-53c9
9
vulnerability VCID-e8j6-mybr-17fh
10
vulnerability VCID-fcg9-xypn-ykhf
11
vulnerability VCID-fsaw-3ta1-x3dw
12
vulnerability VCID-ga69-9y5g-77c3
13
vulnerability VCID-ga7z-wj4j-63h1
14
vulnerability VCID-hsjn-xnpp-5yeh
15
vulnerability VCID-jgv9-vdbm-sycd
16
vulnerability VCID-jybd-p65h-xffy
17
vulnerability VCID-kxdd-yzp3-r7cb
18
vulnerability VCID-m33h-4p9q-63fb
19
vulnerability VCID-pa7y-gpwp-6qgj
20
vulnerability VCID-phkp-9abp-f3dq
21
vulnerability VCID-qgp1-4efd-6yg6
22
vulnerability VCID-qy1a-x3ff-4bc8
23
vulnerability VCID-r1vx-vv7d-gqaj
24
vulnerability VCID-rqqc-ta7c-ykgx
25
vulnerability VCID-s1rj-1xbw-fbg5
26
vulnerability VCID-shch-yusm-1uck
27
vulnerability VCID-shjc-2j68-2yfy
28
vulnerability VCID-tktt-vg92-6kae
29
vulnerability VCID-tuqc-c251-h7ds
30
vulnerability VCID-ud73-4t2c-n3at
31
vulnerability VCID-vgq9-s6th-yufg
32
vulnerability VCID-wa3g-27sx-mbcw
33
vulnerability VCID-whgc-pt2s-77ar
34
vulnerability VCID-xcmd-18ck-gqae
35
vulnerability VCID-ynt9-h6ww-h7e9
36
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3
aliases CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4a7-tcz5-byfj
3
url VCID-z6tf-z1y9-cydq
vulnerability_id VCID-z6tf-z1y9-cydq
summary In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
references
0
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
reference_id
reference_type
scores
url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
4
reference_url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
reference_id
reference_type
scores
url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
5
reference_url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
reference_id
reference_type
scores
url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
7
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
11
reference_url https://security.netapp.com/advisory/ntap-20230609-0008
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230609-0008
12
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases
13
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
reference_id CVE-2023-31047
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
15
reference_url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
reference_id GHSA-r3xc-prgr-mg9p
reference_type
scores
url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
fixed_packages
0
url pkg:pypi/django@4.1.9
purl pkg:pypi/django@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-f4a7-tcz5-byfj
2
vulnerability VCID-m33h-4p9q-63fb
3
vulnerability VCID-qgp1-4efd-6yg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9
1
url pkg:pypi/django@4.2.1
purl pkg:pypi/django@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-am3f-c5ex-8ff2
7
vulnerability VCID-bb8b-hq41-s7a6
8
vulnerability VCID-e12b-tw2c-53c9
9
vulnerability VCID-e8j6-mybr-17fh
10
vulnerability VCID-f4a7-tcz5-byfj
11
vulnerability VCID-fcg9-xypn-ykhf
12
vulnerability VCID-fsaw-3ta1-x3dw
13
vulnerability VCID-ga69-9y5g-77c3
14
vulnerability VCID-ga7z-wj4j-63h1
15
vulnerability VCID-hsjn-xnpp-5yeh
16
vulnerability VCID-jgv9-vdbm-sycd
17
vulnerability VCID-jybd-p65h-xffy
18
vulnerability VCID-kxdd-yzp3-r7cb
19
vulnerability VCID-m33h-4p9q-63fb
20
vulnerability VCID-pa7y-gpwp-6qgj
21
vulnerability VCID-phkp-9abp-f3dq
22
vulnerability VCID-qgp1-4efd-6yg6
23
vulnerability VCID-qy1a-x3ff-4bc8
24
vulnerability VCID-r1vx-vv7d-gqaj
25
vulnerability VCID-rqqc-ta7c-ykgx
26
vulnerability VCID-s1rj-1xbw-fbg5
27
vulnerability VCID-shch-yusm-1uck
28
vulnerability VCID-shjc-2j68-2yfy
29
vulnerability VCID-tktt-vg92-6kae
30
vulnerability VCID-tuqc-c251-h7ds
31
vulnerability VCID-ud73-4t2c-n3at
32
vulnerability VCID-vgq9-s6th-yufg
33
vulnerability VCID-wa3g-27sx-mbcw
34
vulnerability VCID-whgc-pt2s-77ar
35
vulnerability VCID-xcmd-18ck-gqae
36
vulnerability VCID-ynt9-h6ww-h7e9
37
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1
aliases CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tf-z1y9-cydq
Fixing_vulnerabilities
0
url VCID-m1dr-sjmw-jfd2
vulnerability_id VCID-m1dr-sjmw-jfd2
summary
references
0
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
1
reference_url https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
reference_id
reference_type
scores
url https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
4
reference_url https://security.archlinux.org/AVG-2809
reference_id AVG-2809
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2809
fixed_packages
0
url pkg:pypi/django@3.2.16
purl pkg:pypi/django@3.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z4e-8ttu-tyd6
1
vulnerability VCID-am3f-c5ex-8ff2
2
vulnerability VCID-au8h-vj9k-pufv
3
vulnerability VCID-f4a7-tcz5-byfj
4
vulnerability VCID-fsaw-3ta1-x3dw
5
vulnerability VCID-m33h-4p9q-63fb
6
vulnerability VCID-qgp1-4efd-6yg6
7
vulnerability VCID-yuda-1mur-8bbq
8
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.16
1
url pkg:pypi/django@4.0.8
purl pkg:pypi/django@4.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z4e-8ttu-tyd6
1
vulnerability VCID-au8h-vj9k-pufv
2
vulnerability VCID-f4a7-tcz5-byfj
3
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.8
2
url pkg:pypi/django@4.1.2
purl pkg:pypi/django@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z4e-8ttu-tyd6
1
vulnerability VCID-am3f-c5ex-8ff2
2
vulnerability VCID-au8h-vj9k-pufv
3
vulnerability VCID-f4a7-tcz5-byfj
4
vulnerability VCID-m33h-4p9q-63fb
5
vulnerability VCID-qgp1-4efd-6yg6
6
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.2
aliases CVE-2022-41323, PYSEC-2022-304
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1dr-sjmw-jfd2
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.8