Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/5308?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/5308?format=api", "purl": "pkg:pypi/django@1.11.5", "type": "pypi", "namespace": "", "name": "django", "version": "1.11.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.2.29", "latest_non_vulnerable_version": "6.0.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5767?format=api", "vulnerability_id": "VCID-1fs3-2msx-9kev", "summary": "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0265", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0265" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.91782", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.91775", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.91763", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.9175", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.91755", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.91783", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.91788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.91785", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07477", "scoring_system": "epss", "scoring_elements": "0.91741", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-5hg3-6c2f-f3wr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hg3-6c2f-f3wr" }, { "reference_url": "https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525" }, { "reference_url": "https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c" }, { "reference_url": "https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml" }, { "reference_url": "https://usn.ubuntu.com/3726-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3726-1" }, { "reference_url": "https://usn.ubuntu.com/3726-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3726-1/" }, { "reference_url": "https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403" }, { "reference_url": "https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4264", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4264" }, { "reference_url": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/104970", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104970" }, { "reference_url": "http://www.securitytracker.com/id/1041403", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041403" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609031", "reference_id": "1609031", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609031" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216", "reference_id": "905216", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216" }, { "reference_url": "https://security.archlinux.org/ASA-201808-1", "reference_id": "ASA-201808-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201808-1" }, { "reference_url": "https://security.archlinux.org/AVG-743", "reference_id": "AVG-743", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-743" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14574", "reference_id": "CVE-2018-14574", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14574" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6844?format=api", "purl": "pkg:pypi/django@1.11.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xne6-9e55-uued" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/6843?format=api", "purl": "pkg:pypi/django@2.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xne6-9e55-uued" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.8" } ], "aliases": [ "CVE-2018-14574", "GHSA-5hg3-6c2f-f3wr", "PYSEC-2018-2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fs3-2msx-9kev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5917?format=api", "vulnerability_id": "VCID-1v22-g646-wbay", "summary": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89115", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89112", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89089", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89143", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89145", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89148", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89138", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89132", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-v9qg-3j8p-r63v", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v9qg-3j8p-r63v" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14235", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14235" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/15" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190828-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4498" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734422", "reference_id": "1734422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734422" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026", "reference_id": "934026", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026" }, { "reference_url": "https://security.archlinux.org/ASA-201908-2", "reference_id": "ASA-201908-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-2" }, { "reference_url": "https://security.archlinux.org/AVG-1015", "reference_id": "AVG-1015", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1324", "reference_id": "RHSA-2020:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4390", "reference_id": "RHSA-2020:4390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4390" }, { "reference_url": "https://usn.ubuntu.com/4084-1/", "reference_id": "USN-4084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8972?format=api", "purl": "pkg:pypi/django@1.11.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/8973?format=api", "purl": "pkg:pypi/django@2.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8974?format=api", "purl": "pkg:pypi/django@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4" } ], "aliases": [ "CVE-2019-14235", "GHSA-v9qg-3j8p-r63v", "PYSEC-2019-14" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v22-g646-wbay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5915?format=api", "vulnerability_id": "VCID-2zb9-27sm-3kgh", "summary": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03026", "scoring_system": "epss", "scoring_elements": "0.86583", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03026", "scoring_system": "epss", "scoring_elements": "0.86646", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03026", "scoring_system": "epss", "scoring_elements": "0.86655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03026", "scoring_system": "epss", "scoring_elements": "0.86642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03026", "scoring_system": "epss", "scoring_elements": "0.86632", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03026", "scoring_system": "epss", "scoring_elements": "0.86613", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03026", "scoring_system": "epss", "scoring_elements": "0.86594", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03026", "scoring_system": "epss", "scoring_elements": "0.86653", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-c4qh-4vgv-qc6g", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4qh-4vgv-qc6g" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml" }, { "reference_url": "https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ" }, { "reference_url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14232" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/15" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190828-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4498" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/10/04/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/10/04/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/04/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/04/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/04/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/04/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734405", "reference_id": "1734405", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734405" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026", "reference_id": "934026", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026" }, { "reference_url": "https://security.archlinux.org/ASA-201908-2", "reference_id": "ASA-201908-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-2" }, { "reference_url": "https://security.archlinux.org/AVG-1015", "reference_id": "AVG-1015", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1324", "reference_id": "RHSA-2020:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4390", "reference_id": "RHSA-2020:4390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4390" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://usn.ubuntu.com/4084-1/", "reference_id": "USN-4084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8972?format=api", "purl": "pkg:pypi/django@1.11.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/8973?format=api", "purl": "pkg:pypi/django@2.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8974?format=api", "purl": "pkg:pypi/django@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4" } ], "aliases": [ "CVE-2019-14232", "GHSA-c4qh-4vgv-qc6g", "PYSEC-2019-11" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2zb9-27sm-3kgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5887?format=api", "vulnerability_id": "VCID-56na-n4w5-8fak", "summary": "An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12308.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80773", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80752", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80743", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80808", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80822", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80806", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.80798", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01454", "scoring_system": "epss", "scoring_elements": "0.8077", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/1.11.21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/1.11.21" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/1.11.21/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/1.11.21/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.1.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/2.1.9" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.1.9/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/2.1.9/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/2.2.2" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.2.2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/2.2.2/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7rp2-fm2h-wchj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rp2-fm2h-wchj" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62" }, { "reference_url": "https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673" }, { "reference_url": "https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/10" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://usn.ubuntu.com/4043-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4043-1" }, { "reference_url": "https://usn.ubuntu.com/4043-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4043-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4476", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4476" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "reference_url": "http://www.securityfocus.com/bid/108559", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/108559" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715915", "reference_id": "1715915", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715915" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927", "reference_id": "929927", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927" }, { "reference_url": "https://security.archlinux.org/ASA-201906-2", "reference_id": "ASA-201906-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-2" }, { "reference_url": "https://security.archlinux.org/AVG-969", "reference_id": "AVG-969", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-969" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12308", "reference_id": "CVE-2019-12308", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12308" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8516?format=api", "purl": "pkg:pypi/django@1.11.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/8515?format=api", "purl": "pkg:pypi/django@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/8517?format=api", "purl": "pkg:pypi/django@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2" } ], "aliases": [ "CVE-2019-12308", "GHSA-7rp2-fm2h-wchj", "PYSEC-2019-79" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56na-n4w5-8fak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9153?format=api", "vulnerability_id": "VCID-6gss-ppm5-3yc9", "summary": "An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.73852", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.73865", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.73873", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.73828", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.73892", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.7387", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.73857", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.73823", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.0/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-8x94-hmjh-97hq", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8x94-hmjh-97hq" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80" }, { "reference_url": "https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3" }, { "reference_url": "https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce/c/8cz--gvaJr4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/django-announce/c/8cz--gvaJr4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36359" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0008" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5254", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5254" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/08/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/08/03/1" }, { "reference_url": "https://security.archlinux.org/AVG-2810", "reference_id": "AVG-2810", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2810" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/5549-1/", "reference_id": "USN-5549-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5549-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28201?format=api", "purl": "pkg:pypi/django@3.2.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-78r4-85ms-63hm" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/28202?format=api", "purl": "pkg:pypi/django@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7" } ], "aliases": [ "BIT-django-2022-36359", "CVE-2022-36359", "GHSA-8x94-hmjh-97hq", "PYSEC-2022-245" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6gss-ppm5-3yc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89508?format=api", "vulnerability_id": "VCID-6xs7-fpvj-mbbw", "summary": "An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Jul/10" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190705-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190705-0002/" }, { "reference_url": "https://usn.ubuntu.com/4043-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4043-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4476" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jul/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jul/01/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/07/01/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/07/01/3" }, { "reference_url": "http://www.securityfocus.com/bid/109018", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/109018" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8644?format=api", "purl": "pkg:pypi/django@1.11.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/8642?format=api", "purl": "pkg:pypi/django@2.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/8643?format=api", "purl": "pkg:pypi/django@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3" } ], "aliases": [ "PYSEC-2019-80" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xs7-fpvj-mbbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22243?format=api", "vulnerability_id": "VCID-84mm-45p6-xkau", "summary": "Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows\nAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nNFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05432", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05438", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05452", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0548", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05417", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05459", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07235", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64458" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242" }, { "reference_url": "https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac" }, { "reference_url": "https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f" }, { "reference_url": "https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412649", "reference_id": "2412649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64458", "reference_id": "CVE-2025-64458", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64458" }, { "reference_url": "https://github.com/advisories/GHSA-qw25-v68c-qjf3", "reference_id": "GHSA-qw25-v68c-qjf3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qw25-v68c-qjf3" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64824?format=api", "purl": "pkg:pypi/django@4.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/64823?format=api", "purl": "pkg:pypi/django@5.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64822?format=api", "purl": "pkg:pypi/django@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/67632?format=api", "purl": "pkg:pypi/django@6.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1" } ], "aliases": [ "CVE-2025-64458", "GHSA-qw25-v68c-qjf3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15097?format=api", "vulnerability_id": "VCID-896g-hqec-ryb9", "summary": "An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.6146", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61439", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61423", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61377", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61407", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61378", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/04/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/04/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282", "reference_id": "1107282", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365", "reference_id": "2370365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365" }, { "reference_url": "https://security.archlinux.org/ASA-202506-6", "reference_id": "ASA-202506-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202506-6" }, { "reference_url": "https://security.archlinux.org/AVG-2894", "reference_id": "AVG-2894", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2894" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/", "reference_id": "bugfix-releases", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/" }, { "reference_url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9", "reference_id": "GHSA-7xr5-9hcq-chf9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14686", "reference_id": "RHSA-2025:14686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://usn.ubuntu.com/7555-1/", "reference_id": "USN-7555-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7555-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53118?format=api", "purl": "pkg:pypi/django@4.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/53117?format=api", "purl": "pkg:pypi/django@5.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/53116?format=api", "purl": "pkg:pypi/django@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2" } ], "aliases": [ "BIT-django-2025-48432", "CVE-2025-48432", "GHSA-7xr5-9hcq-chf9", "PYSEC-2025-47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5988?format=api", "vulnerability_id": "VCID-8jaq-53td-wbeg", "summary": "Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)", "references": [ { "reference_url": "http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.94298", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.9433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.94329", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.94328", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.94289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.94324", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.9432", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.9431", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13973", "scoring_system": "epss", "scoring_elements": "0.94309", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-vfq6-hq5r-27r6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfq6-hq5r-27r6" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26" }, { "reference_url": "https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e" }, { "reference_url": "https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70" }, { "reference_url": "https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19844", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19844" }, { "reference_url": "https://seclists.org/bugtraq/2020/Jan/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2020/Jan/9" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200110-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200110-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200110-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200110-0003/" }, { "reference_url": "https://usn.ubuntu.com/4224-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4224-1" }, { "reference_url": "https://usn.ubuntu.com/4224-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4224-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4598" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/dec/18/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/dec/18/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/dec/18/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/dec/18/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788425", "reference_id": "1788425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788425" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937", "reference_id": "946937", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937" }, { "reference_url": "https://security.archlinux.org/AVG-1080", "reference_id": "AVG-1080", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1080" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md", "reference_id": "CVE-2019-19844", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md" }, { "reference_url": "https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/", "reference_id": "CVE-2019-19844", "reference_type": "exploit", "scores": [], "url": "https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/" }, { "reference_url": "https://usn.ubuntu.com/6722-1/", "reference_id": "USN-6722-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6722-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9783?format=api", "purl": "pkg:pypi/django@1.11.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/9784?format=api", "purl": "pkg:pypi/django@2.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10025?format=api", "purl": "pkg:pypi/django@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gan1-9gwu-63d2" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1" } ], "aliases": [ "CVE-2019-19844", "GHSA-vfq6-hq5r-27r6", "PYSEC-2019-16" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8jaq-53td-wbeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22234?format=api", "vulnerability_id": "VCID-9uzd-mmyv-mfh4", "summary": "Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.\nAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68804", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68818", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68795", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68776", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68747", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68774", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85" }, { "reference_url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4" }, { "reference_url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b" }, { "reference_url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241" }, { "reference_url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139", "reference_id": "1120139", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651", "reference_id": "2412651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py", "reference_id": "CVE-2025-64459", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459", "reference_id": "CVE-2025-64459", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459" }, { "reference_url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr", "reference_id": "GHSA-frmv-pr5f-9mcr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23069", "reference_id": "RHSA-2025:23069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23070", "reference_id": "RHSA-2025:23070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23130", "reference_id": "RHSA-2025:23130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23131", "reference_id": "RHSA-2025:23131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23133", "reference_id": "RHSA-2025:23133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23196", "reference_id": "RHSA-2025:23196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1596", "reference_id": "RHSA-2026:1596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1596" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7859-1/", "reference_id": "USN-7859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64824?format=api", "purl": "pkg:pypi/django@4.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/64823?format=api", "purl": "pkg:pypi/django@5.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/64822?format=api", "purl": "pkg:pypi/django@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/67632?format=api", "purl": "pkg:pypi/django@6.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1" } ], "aliases": [ "CVE-2025-64459", "GHSA-frmv-pr5f-9mcr" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5919?format=api", "vulnerability_id": "VCID-a8zx-jamf-cfcm", "summary": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19114", "scoring_system": "epss", "scoring_elements": "0.95344", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.19114", "scoring_system": "epss", "scoring_elements": "0.95346", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.19114", "scoring_system": "epss", "scoring_elements": "0.95339", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.19114", "scoring_system": "epss", "scoring_elements": "0.95335", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.19114", "scoring_system": "epss", "scoring_elements": "0.95328", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1952", "scoring_system": "epss", "scoring_elements": "0.95382", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1952", "scoring_system": "epss", "scoring_elements": "0.95376", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1952", "scoring_system": "epss", "scoring_elements": "0.95367", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6r97-cj55-9hrq", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r97-cj55-9hrq" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387" }, { "reference_url": "https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef" }, { "reference_url": "https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14234", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14234" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/15" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190828-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4498", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4498" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734417", "reference_id": "1734417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734417" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026", "reference_id": "934026", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026" }, { "reference_url": "https://security.archlinux.org/ASA-201908-2", "reference_id": "ASA-201908-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-2" }, { "reference_url": "https://security.archlinux.org/AVG-1015", "reference_id": "AVG-1015", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1324", "reference_id": "RHSA-2020:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4390", "reference_id": "RHSA-2020:4390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4390" }, { "reference_url": "https://usn.ubuntu.com/4084-1/", "reference_id": "USN-4084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8972?format=api", "purl": "pkg:pypi/django@1.11.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/8973?format=api", "purl": "pkg:pypi/django@2.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8974?format=api", "purl": "pkg:pypi/django@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4" } ], "aliases": [ "CVE-2019-14234", "GHSA-6r97-cj55-9hrq", "PYSEC-2019-13" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8zx-jamf-cfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89444?format=api", "vulnerability_id": "VCID-be38-bevp-y7ae", "summary": "An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/1.11.21/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/1.11.21/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.1.9/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/2.1.9/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/2.2.2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/2.2.2/" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Jul/10" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://usn.ubuntu.com/4043-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4043-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4476" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "reference_url": "http://www.securityfocus.com/bid/108559", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/108559" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8516?format=api", "purl": "pkg:pypi/django@1.11.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/8515?format=api", "purl": "pkg:pypi/django@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/8517?format=api", "purl": "pkg:pypi/django@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2" } ], "aliases": [ "PYSEC-2019-9" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-be38-bevp-y7ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89183?format=api", "vulnerability_id": "VCID-c3ne-nkd9-pug8", "summary": "Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Jul/10" }, { "reference_url": "https://usn.ubuntu.com/3890-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3890-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4476" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/feb/11/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/feb/11/security-releases/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2019/02/11/1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2019/02/11/1" }, { "reference_url": "http://www.securityfocus.com/bid/106964", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106964" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8048?format=api", "purl": "pkg:pypi/django@1.11.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/8049?format=api", "purl": "pkg:pypi/django@2.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/8050?format=api", "purl": "pkg:pypi/django@2.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7" } ], "aliases": [ "PYSEC-2019-88" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3ne-nkd9-pug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12049?format=api", "vulnerability_id": "VCID-e2jd-yd4j-kqgt", "summary": "Django allows enumeration of user e-mail addresses\nAn issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46361", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.4635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46331", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46355", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46299", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46351", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca" }, { "reference_url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2" }, { "reference_url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496", "reference_id": "2314496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496" }, { "reference_url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv", "reference_id": "GHSA-rrqc-c2jx-6jgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/6987-1/", "reference_id": "USN-6987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6987-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43224?format=api", "purl": "pkg:pypi/django@4.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/43219?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/43217?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sac-ah8j-pucd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9abh-apwm-ebab" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e87q-1j8h-93hh" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-p9fd-1qx2-8ubc" }, { "vulnerability": "VCID-rmdp-bnjj-zuf2" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wwa5-mhgu-9khz" }, { "vulnerability": "VCID-xgv1-s2ek-q3dp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "CVE-2024-45231", "GHSA-rrqc-c2jx-6jgv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89781?format=api", "vulnerability_id": "VCID-f7dh-ahya-hfar", "summary": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Aug/15" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4498" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8972?format=api", "purl": "pkg:pypi/django@1.11.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/8973?format=api", "purl": "pkg:pypi/django@2.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8974?format=api", "purl": "pkg:pypi/django@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4" } ], "aliases": [ "PYSEC-2019-84" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7dh-ahya-hfar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89858?format=api", "vulnerability_id": "VCID-hpg4-c6bk-s7c7", "summary": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Aug/15" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4498" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8972?format=api", "purl": "pkg:pypi/django@1.11.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/8973?format=api", "purl": "pkg:pypi/django@2.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8974?format=api", "purl": "pkg:pypi/django@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4" } ], "aliases": [ "PYSEC-2019-82" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpg4-c6bk-s7c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5698?format=api", "vulnerability_id": "VCID-jae8-w85w-cyfu", "summary": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0265", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0265" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7537.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7537.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83885", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83884", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83915", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83854", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83922", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83932", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02064", "scoring_system": "epss", "scoring_elements": "0.83909", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-2f9x-5v75-3qv4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2f9x-5v75-3qv4" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c" }, { "reference_url": "https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539" }, { "reference_url": "https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html" }, { "reference_url": "https://usn.ubuntu.com/3591-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3591-1" }, { "reference_url": "https://usn.ubuntu.com/3591-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3591-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4161", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4161" }, { "reference_url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/103357", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549779", "reference_id": "1549779", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549779" }, { "reference_url": "https://security.archlinux.org/ASA-201803-5", "reference_id": "ASA-201803-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-5" }, { "reference_url": "https://security.archlinux.org/AVG-649", "reference_id": "AVG-649", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7537", "reference_id": "CVE-2018-7537", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7537" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5783?format=api", "purl": "pkg:pypi/django@1.11.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xne6-9e55-uued" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/5784?format=api", "purl": "pkg:pypi/django@2.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xne6-9e55-uued" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3" } ], "aliases": [ "CVE-2018-7537", "GHSA-2f9x-5v75-3qv4", "PYSEC-2018-6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jae8-w85w-cyfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5916?format=api", "vulnerability_id": "VCID-jtru-9jmz-kkek", "summary": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89115", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89112", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89089", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89143", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89145", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89148", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89138", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04511", "scoring_system": "epss", "scoring_elements": "0.89132", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h5jv-4p7w-64jg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h5jv-4p7w-64jg" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14233", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14233" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/15" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190828-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4498" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734410", "reference_id": "1734410", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734410" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026", "reference_id": "934026", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026" }, { "reference_url": "https://security.archlinux.org/ASA-201908-2", "reference_id": "ASA-201908-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-2" }, { "reference_url": "https://security.archlinux.org/AVG-1015", "reference_id": "AVG-1015", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1324", "reference_id": "RHSA-2020:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4390", "reference_id": "RHSA-2020:4390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4390" }, { "reference_url": "https://usn.ubuntu.com/4084-1/", "reference_id": "USN-4084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8972?format=api", "purl": "pkg:pypi/django@1.11.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/8973?format=api", "purl": "pkg:pypi/django@2.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8974?format=api", "purl": "pkg:pypi/django@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4" } ], "aliases": [ "CVE-2019-14233", "GHSA-h5jv-4p7w-64jg", "PYSEC-2019-12" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtru-9jmz-kkek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89815?format=api", "vulnerability_id": "VCID-k114-8z8u-2qh1", "summary": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Aug/15" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4498" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8972?format=api", "purl": "pkg:pypi/django@1.11.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/8973?format=api", "purl": "pkg:pypi/django@2.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8974?format=api", "purl": "pkg:pypi/django@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4" } ], "aliases": [ "PYSEC-2019-81" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k114-8z8u-2qh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89880?format=api", "vulnerability_id": "VCID-mjsc-w5v5-t7cg", "summary": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Aug/15" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4498" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8972?format=api", "purl": "pkg:pypi/django@1.11.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/8973?format=api", "purl": "pkg:pypi/django@2.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8974?format=api", "purl": "pkg:pypi/django@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4" } ], "aliases": [ "PYSEC-2019-83" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjsc-w5v5-t7cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5699?format=api", "vulnerability_id": "VCID-mv1p-yxvp-pbh6", "summary": "An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0051", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0265", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0265" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7536", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.80172", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.80188", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.80216", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.80226", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.80199", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.80179", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.80244", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.8023", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01372", "scoring_system": "epss", "scoring_elements": "0.80224", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537" }, { "reference_url": "https://github.com/advisories/GHSA-r28v-mw67-m5p9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r28v-mw67-m5p9" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2" }, { "reference_url": "https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16" }, { "reference_url": "https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html" }, { "reference_url": "https://usn.ubuntu.com/3591-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3591-1" }, { "reference_url": "https://usn.ubuntu.com/3591-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3591-1/" }, { "reference_url": "https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4161", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4161" }, { "reference_url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2018/mar/06/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/103361", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103361" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549777", "reference_id": "1549777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549777" }, { "reference_url": "https://security.archlinux.org/ASA-201803-5", "reference_id": "ASA-201803-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-5" }, { "reference_url": "https://security.archlinux.org/AVG-649", "reference_id": "AVG-649", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7536", "reference_id": "CVE-2018-7536", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7536" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5783?format=api", "purl": "pkg:pypi/django@1.11.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xne6-9e55-uued" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/5784?format=api", "purl": "pkg:pypi/django@2.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xne6-9e55-uued" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3" } ], "aliases": [ "CVE-2018-7536", "GHSA-r28v-mw67-m5p9", "PYSEC-2018-5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mv1p-yxvp-pbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5897?format=api", "vulnerability_id": "VCID-qjez-qe32-e3b6", "summary": "An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03901", "scoring_system": "epss", "scoring_elements": "0.88249", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03901", "scoring_system": "epss", "scoring_elements": "0.88282", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03901", "scoring_system": "epss", "scoring_elements": "0.88291", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03901", "scoring_system": "epss", "scoring_elements": "0.88279", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03901", "scoring_system": "epss", "scoring_elements": "0.88273", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03901", "scoring_system": "epss", "scoring_elements": "0.88254", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03901", "scoring_system": "epss", "scoring_elements": "0.88226", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03901", "scoring_system": "epss", "scoring_elements": "0.88234", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6c7v-2f49-8h26", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6c7v-2f49-8h26" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/10" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190705-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190705-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190705-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190705-0002/" }, { "reference_url": "https://usn.ubuntu.com/4043-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4043-1" }, { "reference_url": "https://usn.ubuntu.com/4043-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4043-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4476", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4476" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jul/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/jul/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jul/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jul/01/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/07/01/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/07/01/3" }, { "reference_url": "http://www.securityfocus.com/bid/109018", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/109018" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724497", "reference_id": "1724497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724497" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316", "reference_id": "931316", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316" }, { "reference_url": "https://security.archlinux.org/ASA-201907-2", "reference_id": "ASA-201907-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-2" }, { "reference_url": "https://security.archlinux.org/AVG-1000", "reference_id": "AVG-1000", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1000" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12781", "reference_id": "CVE-2019-12781", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1324", "reference_id": "RHSA-2020:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4390", "reference_id": "RHSA-2020:4390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4390" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8644?format=api", "purl": "pkg:pypi/django@1.11.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/8642?format=api", "purl": "pkg:pypi/django@2.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/8643?format=api", "purl": "pkg:pypi/django@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3" } ], "aliases": [ "CVE-2019-12781", "GHSA-6c7v-2f49-8h26", "PYSEC-2019-10" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjez-qe32-e3b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6472?format=api", "vulnerability_id": "VCID-qm34-ec8s-tfd7", "summary": "Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55629", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55646", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55666", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55657", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55654", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55489", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55603", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55625", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.556", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/3.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.2/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-68w8-qjq3-2gfm", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68w8-qjq3-2gfm" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90" }, { "reference_url": "https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f" }, { "reference_url": "https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33203", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33203" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210727-0004" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966251", "reference_id": "1966251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966251" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394", "reference_id": "989394", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394" }, { "reference_url": "https://security.archlinux.org/ASA-202106-41", "reference_id": "ASA-202106-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-41" }, { "reference_url": "https://security.archlinux.org/AVG-2026", "reference_id": "AVG-2026", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2026" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3490", "reference_id": "RHSA-2021:3490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5070", "reference_id": "RHSA-2021:5070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5070" }, { "reference_url": "https://usn.ubuntu.com/4975-1/", "reference_id": "USN-4975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4975-1/" }, { "reference_url": "https://usn.ubuntu.com/4975-2/", "reference_id": "USN-4975-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4975-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17548?format=api", "purl": "pkg:pypi/django@2.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/17549?format=api", "purl": "pkg:pypi/django@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gan1-9gwu-63d2" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/17550?format=api", "purl": "pkg:pypi/django@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42x9-8c3c-bug1" }, { "vulnerability": "VCID-4ztz-fq98-5fh1" }, { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-78r4-85ms-63hm" }, { "vulnerability": "VCID-7tca-pgcs-cuhd" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8m4b-y4va-kqgm" }, { "vulnerability": "VCID-8xgs-8xjr-cber" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gan1-9gwu-63d2" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-jh1e-72hp-fuf4" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-nese-5485-hkbs" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-t6uc-dfrd-jyfg" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wz1q-1tjp-4qhw" }, { "vulnerability": "VCID-ypub-ukuh-p3aw" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4" } ], "aliases": [ "BIT-django-2021-33203", "CVE-2021-33203", "GHSA-68w8-qjq3-2gfm", "PYSEC-2021-98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm34-ec8s-tfd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6028?format=api", "vulnerability_id": "VCID-w2dv-u8h6-sbgs", "summary": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09442", "scoring_system": "epss", "scoring_elements": "0.92785", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09442", "scoring_system": "epss", "scoring_elements": "0.92805", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09442", "scoring_system": "epss", "scoring_elements": "0.928", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09442", "scoring_system": "epss", "scoring_elements": "0.92796", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09442", "scoring_system": "epss", "scoring_elements": "0.92786", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09442", "scoring_system": "epss", "scoring_elements": "0.9279", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09442", "scoring_system": "epss", "scoring_elements": "0.92778", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09442", "scoring_system": "epss", "scoring_elements": "0.92804", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471" }, { "reference_url": "https://docs.djangoproject.com/en/3.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/3.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/3.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.0/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hmr4-m2h5-33qx", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hmr4-m2h5-33qx" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd" }, { "reference_url": "https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b" }, { "reference_url": "https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147" }, { "reference_url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7471", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7471" }, { "reference_url": "https://seclists.org/bugtraq/2020/Feb/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2020/Feb/30" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200221-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200221-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200221-0006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200221-0006/" }, { "reference_url": "https://usn.ubuntu.com/4264-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4264-1" }, { "reference_url": "https://usn.ubuntu.com/4264-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4264-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4629", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4629" }, { "reference_url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/02/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/02/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798515", "reference_id": "1798515", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798515" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581", "reference_id": "950581", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581" }, { "reference_url": "https://security.archlinux.org/ASA-202002-1", "reference_id": "ASA-202002-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-1" }, { "reference_url": "https://security.archlinux.org/AVG-1091", "reference_id": "AVG-1091", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1091" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10027?format=api", "purl": "pkg:pypi/django@1.11.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/10028?format=api", "purl": "pkg:pypi/django@2.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/10029?format=api", "purl": "pkg:pypi/django@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gan1-9gwu-63d2" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3" } ], "aliases": [ "BIT-django-2020-7471", "CVE-2020-7471", "GHSA-hmr4-m2h5-33qx", "PYSEC-2020-35" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2dv-u8h6-sbgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25634?format=api", "vulnerability_id": "VCID-w4pr-k5nj-ckgy", "summary": "Django is subject to SQL injection through its column aliases\nAn issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05593", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05868", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05828", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05798", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5" }, { "reference_url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92" }, { "reference_url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html" }, { "reference_url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/09/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/09/03/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865", "reference_id": "1113865", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990", "reference_id": "2392990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990" }, { "reference_url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w", "reference_id": "GHSA-6w2r-r2m5-xq5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16403", "reference_id": "RHSA-2025:16403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16404", "reference_id": "RHSA-2025:16404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16514", "reference_id": "RHSA-2025:16514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17498", "reference_id": "RHSA-2025:17498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17499", "reference_id": "RHSA-2025:17499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17500", "reference_id": "RHSA-2025:17500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17606", "reference_id": "RHSA-2025:17606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17613", "reference_id": "RHSA-2025:17613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17614", "reference_id": "RHSA-2025:17614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17614" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7736-1/", "reference_id": "USN-7736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68875?format=api", "purl": "pkg:pypi/django@4.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/68876?format=api", "purl": "pkg:pypi/django@5.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/68877?format=api", "purl": "pkg:pypi/django@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28g3-ubx6-ebff" }, { "vulnerability": "VCID-2tfv-rtq7-2fg9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-8qu1-45n9-gyb1" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-ac4c-321h-tqfk" }, { "vulnerability": "VCID-c6xy-v4sf-u3hn" }, { "vulnerability": "VCID-e9k9-1s9f-dbgv" }, { "vulnerability": "VCID-msge-1mfu-7qfa" }, { "vulnerability": "VCID-mux4-uv98-hbbw" }, { "vulnerability": "VCID-nda7-9219-6kce" }, { "vulnerability": "VCID-ukkt-wgau-t3et" }, { "vulnerability": "VCID-vwt9-q3dt-vbfg" }, { "vulnerability": "VCID-ysyp-h7ja-yff3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6" } ], "aliases": [ "CVE-2025-57833", "GHSA-6w2r-r2m5-xq5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6041?format=api", "vulnerability_id": "VCID-wb34-g6xq-rkfx", "summary": "Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85514", "scoring_system": "epss", "scoring_elements": "0.99366", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.85514", "scoring_system": "epss", "scoring_elements": "0.9937", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.85514", "scoring_system": "epss", "scoring_elements": "0.99369", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.85514", "scoring_system": "epss", "scoring_elements": "0.99368", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.85514", "scoring_system": "epss", "scoring_elements": "0.99363", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.85514", "scoring_system": "epss", "scoring_elements": "0.99364", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.85514", "scoring_system": "epss", "scoring_elements": "0.99371", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402" }, { "reference_url": "https://docs.djangoproject.com/en/3.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/3.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/3.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.0/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gh2-xw74-jmcw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gh2-xw74-jmcw" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9402", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9402" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200327-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200327-0004/" }, { "reference_url": "https://usn.ubuntu.com/4296-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4296-1" }, { "reference_url": "https://usn.ubuntu.com/4296-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4296-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4705", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4705" }, { "reference_url": "https://www.djangoproject.com/weblog/2020/mar/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2020/mar/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2020/mar/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2020/mar/04/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810088", "reference_id": "1810088", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810088" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102", "reference_id": "953102", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102" }, { "reference_url": "https://security.archlinux.org/ASA-202003-5", "reference_id": "ASA-202003-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202003-5" }, { "reference_url": "https://security.archlinux.org/AVG-1111", "reference_id": "AVG-1111", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10035?format=api", "purl": "pkg:pypi/django@1.11.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/10036?format=api", "purl": "pkg:pypi/django@2.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/10037?format=api", "purl": "pkg:pypi/django@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gan1-9gwu-63d2" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4" } ], "aliases": [ "BIT-django-2020-9402", "CVE-2020-9402", "GHSA-3gh2-xw74-jmcw", "PYSEC-2020-36" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wb34-g6xq-rkfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90613?format=api", "vulnerability_id": "VCID-x516-xwze-6ba3", "summary": "Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)", "references": [ { "reference_url": "http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/" }, { "reference_url": "https://seclists.org/bugtraq/2020/Jan/9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2020/Jan/9" }, { "reference_url": "https://security.gentoo.org/glsa/202004-17", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202004-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200110-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200110-0003/" }, { "reference_url": "https://usn.ubuntu.com/4224-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4224-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4598" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/dec/18/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/dec/18/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9783?format=api", "purl": "pkg:pypi/django@1.11.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/9784?format=api", "purl": "pkg:pypi/django@2.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66w1-4zku-gyfp" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-9k9t-vp1a-z7bt" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c8s7-3g9m-d3cw" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-gp5e-nguh-5fdk" }, { "vulnerability": "VCID-hwa2-n7a2-pyg1" }, { "vulnerability": "VCID-j4br-4y39-s3gs" }, { "vulnerability": "VCID-kypj-ptb9-8qhz" }, { "vulnerability": "VCID-mmay-juu6-5ua9" }, { "vulnerability": "VCID-mzdk-m12w-q3fc" }, { "vulnerability": "VCID-pa75-6avj-duf7" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-th9v-dk98-3kea" }, { "vulnerability": "VCID-u7m5-tzv2-c7hn" }, { "vulnerability": "VCID-ume2-wt6y-jye7" }, { "vulnerability": "VCID-upy5-adtx-n7hg" }, { "vulnerability": "VCID-v4ad-xxy8-wfc9" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-w6k8-js68-87g4" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-wkrc-62bd-bbgx" }, { "vulnerability": "VCID-z8z1-cjee-kfeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9" } ], "aliases": [ "PYSEC-2019-86" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x516-xwze-6ba3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5827?format=api", "vulnerability_id": "VCID-x664-bfna-6qdv", "summary": "In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.8071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80718", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80732", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80715", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80652", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.8066", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01439", "scoring_system": "epss", "scoring_elements": "0.80677", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-337x-4q8g-prc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-337x-4q8g-prc5" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/django-announce/VYU7xQQTEPQ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/django-announce/VYU7xQQTEPQ" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/" }, { "reference_url": "https://usn.ubuntu.com/3851-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3851-1" }, { "reference_url": "https://usn.ubuntu.com/3851-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3851-1/" }, { "reference_url": "https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4363", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4363" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/106453", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106453" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663722", "reference_id": "1663722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663722" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230", "reference_id": "918230", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230" }, { "reference_url": "https://security.archlinux.org/ASA-201901-6", "reference_id": "ASA-201901-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-6" }, { "reference_url": "https://security.archlinux.org/AVG-839", "reference_id": "AVG-839", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-839" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3498", "reference_id": "CVE-2019-3498", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3498" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7752?format=api", "purl": "pkg:pypi/django@1.11.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/7753?format=api", "purl": "pkg:pypi/django@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/7754?format=api", "purl": "pkg:pypi/django@2.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5" } ], "aliases": [ "CVE-2019-3498", "GHSA-337x-4q8g-prc5", "PYSEC-2019-17" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x664-bfna-6qdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5844?format=api", "vulnerability_id": "VCID-xaqg-mhqa-7keg", "summary": "Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6975.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18399", "scoring_system": "epss", "scoring_elements": "0.95194", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18399", "scoring_system": "epss", "scoring_elements": "0.95219", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.18399", "scoring_system": "epss", "scoring_elements": "0.95211", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.18399", "scoring_system": "epss", "scoring_elements": "0.95207", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.18399", "scoring_system": "epss", "scoring_elements": "0.95206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18399", "scoring_system": "epss", "scoring_elements": "0.95231", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.18399", "scoring_system": "epss", "scoring_elements": "0.95228", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.18399", "scoring_system": "epss", "scoring_elements": "0.95222", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-wh4h-v3f2-r2pp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh4h-v3f2-r2pp" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227" }, { "reference_url": "https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676" }, { "reference_url": "https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/django-announce/WTwEAprR0IQ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/django-announce/WTwEAprR0IQ" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/10" }, { "reference_url": "https://usn.ubuntu.com/3890-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3890-1" }, { "reference_url": "https://usn.ubuntu.com/3890-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3890-1/" }, { "reference_url": "https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4476", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4476" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/feb/11/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2019/feb/11/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/feb/11/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/feb/11/security-releases/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2019/02/11/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2019/02/11/1" }, { "reference_url": "http://www.securityfocus.com/bid/106964", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673642", "reference_id": "1673642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922027", "reference_id": "922027", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922027" }, { "reference_url": "https://security.archlinux.org/ASA-201902-14", "reference_id": "ASA-201902-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-14" }, { "reference_url": "https://security.archlinux.org/AVG-881", "reference_id": "AVG-881", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-881" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6975", "reference_id": "CVE-2019-6975", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6975" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8048?format=api", "purl": "pkg:pypi/django@1.11.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/8511?format=api", "purl": "pkg:pypi/django@1.11.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/34868?format=api", "purl": "pkg:pypi/django@2.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/8049?format=api", "purl": "pkg:pypi/django@2.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/34869?format=api", "purl": "pkg:pypi/django@2.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/8050?format=api", "purl": "pkg:pypi/django@2.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7" } ], "aliases": [ "CVE-2019-6975", "GHSA-wh4h-v3f2-r2pp", "PYSEC-2019-18" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xaqg-mhqa-7keg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89077?format=api", "vulnerability_id": "VCID-xne6-9e55-uued", "summary": "In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/" }, { "reference_url": "https://usn.ubuntu.com/3851-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3851-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4363" }, { "reference_url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/106453", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106453" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7752?format=api", "purl": "pkg:pypi/django@1.11.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/7753?format=api", "purl": "pkg:pypi/django@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/7754?format=api", "purl": "pkg:pypi/django@2.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-3s9f-prpy-hbcx" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-b2ds-36xh-zfhp" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c2kc-1jh1-j3ha" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5" } ], "aliases": [ "PYSEC-2019-87" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xne6-9e55-uued" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5620?format=api", "vulnerability_id": "VCID-438j-ce4y-zkan", "summary": "In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with \"DEBUG = True\" (which makes this page accessible) in your production settings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12794.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12794.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95062", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95096", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95093", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95092", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95073", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95075", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95082", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.17619", "scoring_system": "epss", "scoring_elements": "0.95086", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794" }, { "reference_url": "https://github.com/advisories/GHSA-9r8w-6x8c-6jr9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9r8w-6x8c-6jr9" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a" }, { "reference_url": "https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml" }, { "reference_url": "https://usn.ubuntu.com/3559-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3559-1" }, { "reference_url": "https://usn.ubuntu.com/3559-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3559-1/" }, { "reference_url": "https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264" }, { "reference_url": "https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643" }, { "reference_url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/100643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100643" }, { "reference_url": "http://www.securitytracker.com/id/1039264", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039264" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486451", "reference_id": "1486451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486451" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874415", "reference_id": "874415", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874415" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.10.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:djangoproject:django:1.11.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12794", "reference_id": "CVE-2017-12794", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12794" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5307?format=api", "purl": "pkg:pypi/django@1.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-x516-xwze-6ba3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/5308?format=api", "purl": "pkg:pypi/django@1.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fs3-2msx-9kev" }, { "vulnerability": "VCID-1v22-g646-wbay" }, { "vulnerability": "VCID-2zb9-27sm-3kgh" }, { "vulnerability": "VCID-56na-n4w5-8fak" }, { "vulnerability": "VCID-6gss-ppm5-3yc9" }, { "vulnerability": "VCID-6xs7-fpvj-mbbw" }, { "vulnerability": "VCID-84mm-45p6-xkau" }, { "vulnerability": "VCID-896g-hqec-ryb9" }, { "vulnerability": "VCID-8jaq-53td-wbeg" }, { "vulnerability": "VCID-9uzd-mmyv-mfh4" }, { "vulnerability": "VCID-a8zx-jamf-cfcm" }, { "vulnerability": "VCID-be38-bevp-y7ae" }, { "vulnerability": "VCID-c3ne-nkd9-pug8" }, { "vulnerability": "VCID-e2jd-yd4j-kqgt" }, { "vulnerability": "VCID-f7dh-ahya-hfar" }, { "vulnerability": "VCID-hpg4-c6bk-s7c7" }, { "vulnerability": "VCID-jae8-w85w-cyfu" }, { "vulnerability": "VCID-jtru-9jmz-kkek" }, { "vulnerability": "VCID-k114-8z8u-2qh1" }, { "vulnerability": "VCID-mjsc-w5v5-t7cg" }, { "vulnerability": "VCID-mv1p-yxvp-pbh6" }, { "vulnerability": "VCID-qjez-qe32-e3b6" }, { "vulnerability": "VCID-qm34-ec8s-tfd7" }, { "vulnerability": "VCID-w2dv-u8h6-sbgs" }, { "vulnerability": "VCID-w4pr-k5nj-ckgy" }, { "vulnerability": "VCID-wb34-g6xq-rkfx" }, { "vulnerability": "VCID-x516-xwze-6ba3" }, { "vulnerability": "VCID-x664-bfna-6qdv" }, { "vulnerability": "VCID-xaqg-mhqa-7keg" }, { "vulnerability": "VCID-xne6-9e55-uued" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.5" } ], "aliases": [ "CVE-2017-12794", "GHSA-9r8w-6x8c-6jr9", "PYSEC-2017-44" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-438j-ce4y-zkan" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.5" }