Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@1.0
Type pypi
Namespace
Name django
Version 1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.7b4
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-18gm-v5zp-tqf9
vulnerability_id VCID-18gm-v5zp-tqf9
summary Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
reference_id
reference_type
scores
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
1
reference_url http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/
reference_id
reference_type
scores
url http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/
2
reference_url http://secunia.com/advisories/36948
reference_id
reference_type
scores
url http://secunia.com/advisories/36948
3
reference_url http://secunia.com/advisories/36968
reference_id
reference_type
scores
url http://secunia.com/advisories/36968
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/53727
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/53727
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a
reference_id
reference_type
scores
url https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a
7
reference_url https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495
reference_id
reference_type
scores
url https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml
9
reference_url https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968
reference_id
reference_type
scores
url https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968
10
reference_url https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948
reference_id
reference_type
scores
url https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948
11
reference_url https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655
reference_id
reference_type
scores
url https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655
12
reference_url http://www.debian.org/security/2009/dsa-1905
reference_id
reference_type
scores
url http://www.debian.org/security/2009/dsa-1905
13
reference_url http://www.djangoproject.com/weblog/2009/oct/09/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2009/oct/09/security/
14
reference_url http://www.openwall.com/lists/oss-security/2009/10/13/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2009/10/13/6
15
reference_url http://www.securityfocus.com/bid/36655
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/36655
16
reference_url http://www.vupen.com/english/advisories/2009/2871
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2009/2871
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-3695
reference_id CVE-2009-3695
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2009-3695
18
reference_url https://github.com/advisories/GHSA-p6m5-h7pp-v2x5
reference_id GHSA-p6m5-h7pp-v2x5
reference_type
scores
url https://github.com/advisories/GHSA-p6m5-h7pp-v2x5
fixed_packages
0
url pkg:pypi/django@1.0.4
purl pkg:pypi/django@1.0.4
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.4
1
url pkg:pypi/django@1.1.1
purl pkg:pypi/django@1.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1.1
aliases CVE-2009-3695, GHSA-p6m5-h7pp-v2x5, PYSEC-2009-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18gm-v5zp-tqf9
1
url VCID-u4sa-1yn4-h3ff
vulnerability_id VCID-u4sa-1yn4-h3ff
summary The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539134
reference_id
reference_type
scores
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539134
1
reference_url http://code.djangoproject.com/changeset/11353
reference_id
reference_type
scores
url http://code.djangoproject.com/changeset/11353
2
reference_url http://secunia.com/advisories/36137
reference_id
reference_type
scores
url http://secunia.com/advisories/36137
3
reference_url http://secunia.com/advisories/36153
reference_id
reference_type
scores
url http://secunia.com/advisories/36153
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/da85d76fd6ca846f3b0ff414e042ddb5e62e2e69
reference_id
reference_type
scores
url https://github.com/django/django/commit/da85d76fd6ca846f3b0ff414e042ddb5e62e2e69
6
reference_url https://github.com/django/django/commit/df7f917b7f51ba969faa49d000ffc79572c5dcb4
reference_id
reference_type
scores
url https://github.com/django/django/commit/df7f917b7f51ba969faa49d000ffc79572c5dcb4
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-3.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-3.yaml
8
reference_url https://web.archive.org/web/20111211001428/http://www.securityfocus.com/bid/35859
reference_id
reference_type
scores
url https://web.archive.org/web/20111211001428/http://www.securityfocus.com/bid/35859
9
reference_url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00055.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00055.html
10
reference_url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00069.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00069.html
11
reference_url http://www.djangoproject.com/weblog/2009/jul/28/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2009/jul/28/security/
12
reference_url http://www.openwall.com/lists/oss-security/2009/07/29/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2009/07/29/2
13
reference_url http://www.securityfocus.com/bid/35859
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/35859
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-2659
reference_id CVE-2009-2659
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2009-2659
15
reference_url https://github.com/advisories/GHSA-9xg7-gg9m-rmq9
reference_id GHSA-9xg7-gg9m-rmq9
reference_type
scores
url https://github.com/advisories/GHSA-9xg7-gg9m-rmq9
fixed_packages
0
url pkg:pypi/django@1.0.3
purl pkg:pypi/django@1.0.3
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.3
1
url pkg:pypi/django@1.1
purl pkg:pypi/django@1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1
aliases CVE-2009-2659, GHSA-9xg7-gg9m-rmq9, PYSEC-2009-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4sa-1yn4-h3ff
Fixing_vulnerabilities
0
url VCID-84qe-mdwm-y3ey
vulnerability_id VCID-84qe-mdwm-y3ey
summary
Django Improper Access Control
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
references
0
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/31628
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/31628
1
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
2
reference_url https://github.com/django/django/commit/3c5782287e
reference_id
reference_type
scores
url https://github.com/django/django/commit/3c5782287e
3
reference_url https://github.com/django/django/commit/e89f0a65581f82a5740bfe989136cea75d09cd67
reference_id
reference_type
scores
url https://github.com/django/django/commit/e89f0a65581f82a5740bfe989136cea75d09cd67
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-0405
reference_id CVE-2007-0405
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2007-0405
5
reference_url https://github.com/advisories/GHSA-mwv2-398h-v489
reference_id GHSA-mwv2-398h-v489
reference_type
scores
url https://github.com/advisories/GHSA-mwv2-398h-v489
fixed_packages
0
url pkg:pypi/django@1.0
purl pkg:pypi/django@1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18gm-v5zp-tqf9
1
vulnerability VCID-u4sa-1yn4-h3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0
aliases CVE-2007-0405, GHSA-mwv2-398h-v489
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84qe-mdwm-y3ey
1
url VCID-kc75-qwxj-hbec
vulnerability_id VCID-kc75-qwxj-hbec
summary
Django Arbitrary Code Execution
`bin/compile-messages.py` in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.
references
0
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519
reference_id
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/31627
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/31627
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/518d406e53
reference_id
reference_type
scores
url https://github.com/django/django/commit/518d406e53
4
reference_url https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e
reference_id
reference_type
scores
url https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2007-0404
reference_id CVE-2007-0404
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2007-0404
6
reference_url https://github.com/advisories/GHSA-qc99-g3wm-hgxr
reference_id GHSA-qc99-g3wm-hgxr
reference_type
scores
url https://github.com/advisories/GHSA-qc99-g3wm-hgxr
fixed_packages
0
url pkg:pypi/django@1.0
purl pkg:pypi/django@1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18gm-v5zp-tqf9
1
vulnerability VCID-u4sa-1yn4-h3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0
aliases CVE-2007-0404, GHSA-qc99-g3wm-hgxr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kc75-qwxj-hbec
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0