Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@1.2.4
Typepypi
Namespace
Namedjango
Version1.2.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.7b4
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-38e1-hepp-vkg9
vulnerability_id VCID-38e1-hepp-vkg9
summary The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.
references
0
reference_url http://openwall.com/lists/oss-security/2011/09/11/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/11/1
1
reference_url http://openwall.com/lists/oss-security/2011/09/13/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/13/2
2
reference_url http://openwall.com/lists/oss-security/2011/09/15/5
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/15/5
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737366
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737366
4
reference_url http://secunia.com/advisories/46614
reference_id
reference_type
scores
url http://secunia.com/advisories/46614
5
reference_url https://github.com/advisories/GHSA-3jqw-crqj-w8qw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-3jqw-crqj-w8qw
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/1a76dbefdfc60e2d5954c0ba614c3d054ba9c3f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/1a76dbefdfc60e2d5954c0ba614c3d054ba9c3f0
8
reference_url https://github.com/django/django/commit/7268f8af86186518821d775c530d5558fd726930
reference_id
reference_type
scores
url https://github.com/django/django/commit/7268f8af86186518821d775c530d5558fd726930
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-2.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-2.yaml
10
reference_url https://hermes.opensuse.org/messages/14700881
reference_id
reference_type
scores
url https://hermes.opensuse.org/messages/14700881
11
reference_url https://www.djangoproject.com/weblog/2011/sep/09
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09
12
reference_url https://www.djangoproject.com/weblog/2011/sep/09/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09/
13
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127
14
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127/
15
reference_url http://www.debian.org/security/2011/dsa-2332
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2332
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4137
reference_id CVE-2011-4137
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-4137
fixed_packages
0
url pkg:pypi/django@1.2.7
purl pkg:pypi/django@1.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-7g7m-bfe1-wkhd
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bsf-vm3b-ubhw
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-jfya-694v-myar
15
vulnerability VCID-ksh8-pazn-dbca
16
vulnerability VCID-mccp-khb9-qkb7
17
vulnerability VCID-r7tk-79xy-jkhj
18
vulnerability VCID-rq19-9v21-47dy
19
vulnerability VCID-rxxr-sseq-k7a9
20
vulnerability VCID-ta66-7qrm-sbhu
21
vulnerability VCID-u4a7-uvcb-9kf8
22
vulnerability VCID-u6sd-648r-qbdb
23
vulnerability VCID-vdpf-jddk-syda
24
vulnerability VCID-vj5u-2ukv-audq
25
vulnerability VCID-weqb-fxu4-17e7
26
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7
1
url pkg:pypi/django@1.3.1
purl pkg:pypi/django@1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-mccp-khb9-qkb7
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-u4a7-uvcb-9kf8
25
vulnerability VCID-u6sd-648r-qbdb
26
vulnerability VCID-vdpf-jddk-syda
27
vulnerability VCID-vj5u-2ukv-audq
28
vulnerability VCID-weqb-fxu4-17e7
29
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1
aliases CVE-2011-4137, GHSA-3jqw-crqj-w8qw, PYSEC-2011-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38e1-hepp-vkg9
1
url VCID-3kza-a88p-kfg7
vulnerability_id VCID-3kza-a88p-kfg7
summary Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
references
0
reference_url http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1594.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1594.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1595.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1595.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1596.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1596.html
4
reference_url http://seclists.org/fulldisclosure/2016/Jul/53
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2016/Jul/53
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
reference_id
reference_type
scores
url https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
7
reference_url https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
reference_id
reference_type
scores
url https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
8
reference_url https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
reference_id
reference_type
scores
url https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
14
reference_url https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
15
reference_url https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
16
reference_url https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
17
reference_url https://www.djangoproject.com/weblog/2016/jul/18/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/jul/18/security-releases
18
reference_url https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
19
reference_url https://www.exploit-db.com/exploits/40129
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/40129
20
reference_url https://www.exploit-db.com/exploits/40129/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/40129/
21
reference_url http://www.debian.org/security/2016/dsa-3622
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3622
22
reference_url http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/538947/100/0/threaded
23
reference_url http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92058
24
reference_url http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036338
25
reference_url http://www.ubuntu.com/usn/USN-3039-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3039-1
26
reference_url http://www.vulnerability-lab.com/get_content.php?id=1869
reference_id
reference_type
scores
url http://www.vulnerability-lab.com/get_content.php?id=1869
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6186
reference_id CVE-2016-6186
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-6186
28
reference_url https://github.com/advisories/GHSA-c8c8-9472-w52h
reference_id GHSA-c8c8-9472-w52h
reference_type
scores
url https://github.com/advisories/GHSA-c8c8-9472-w52h
fixed_packages
0
url pkg:pypi/django@1.8.14
purl pkg:pypi/django@1.8.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c58g-7jpv-t7hc
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
8
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14
1
url pkg:pypi/django@1.9.8
purl pkg:pypi/django@1.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-qy2a-mvpz-q7eh
3
vulnerability VCID-rruq-9scz-vbg8
4
vulnerability VCID-upbz-vg19-rugv
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8
2
url pkg:pypi/django@1.10rc1
purl pkg:pypi/django@1.10rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1
aliases CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kza-a88p-kfg7
2
url VCID-3sg7-t77d-rkc6
vulnerability_id VCID-3sg7-t77d-rkc6
summary The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0456.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0456.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0457.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0457.html
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/1170f285ddd6a94a65f911a27788ba49ca08c0b0
reference_id
reference_type
scores
url https://github.com/django/django/commit/1170f285ddd6a94a65f911a27788ba49ca08c0b0
6
reference_url https://github.com/django/django/commit/6872f42757d7ef6a97e0b6ec5db4d2615d8a2bd8
reference_id
reference_type
scores
url https://github.com/django/django/commit/6872f42757d7ef6a97e0b6ec5db4d2615d8a2bd8
7
reference_url https://github.com/django/django/commit/d63e20942f3024f24cb8cd85a49461ba8a9b6736
reference_id
reference_type
scores
url https://github.com/django/django/commit/d63e20942f3024f24cb8cd85a49461ba8a9b6736
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-2.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-2.yaml
9
reference_url https://www.djangoproject.com/weblog/2014/apr/21/security
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/apr/21/security
10
reference_url https://www.djangoproject.com/weblog/2014/apr/21/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/apr/21/security/
11
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
12
reference_url http://www.ubuntu.com/usn/USN-2169-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2169-1
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0473
reference_id CVE-2014-0473
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-0473
14
reference_url https://github.com/advisories/GHSA-89hj-xfx5-7q66
reference_id GHSA-89hj-xfx5-7q66
reference_type
scores
url https://github.com/advisories/GHSA-89hj-xfx5-7q66
fixed_packages
0
url pkg:pypi/django@1.4.11
purl pkg:pypi/django@1.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-kq8u-td31-uqaa
14
vulnerability VCID-ksh8-pazn-dbca
15
vulnerability VCID-mccp-khb9-qkb7
16
vulnerability VCID-r7tk-79xy-jkhj
17
vulnerability VCID-rxxr-sseq-k7a9
18
vulnerability VCID-ta66-7qrm-sbhu
19
vulnerability VCID-th75-ys47-d3h8
20
vulnerability VCID-u4a7-uvcb-9kf8
21
vulnerability VCID-u6sd-648r-qbdb
22
vulnerability VCID-vdpf-jddk-syda
23
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.11
1
url pkg:pypi/django@1.5.6
purl pkg:pypi/django@1.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6
2
url pkg:pypi/django@1.6.3
purl pkg:pypi/django@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vacy-878s-3kfb
21
vulnerability VCID-vdpf-jddk-syda
22
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3
aliases CVE-2014-0473, GHSA-89hj-xfx5-7q66, PYSEC-2014-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sg7-t77d-rkc6
3
url VCID-5brz-383w-pfbb
vulnerability_id VCID-5brz-383w-pfbb
summary django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.
references
0
reference_url http://openwall.com/lists/oss-security/2011/09/11/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/11/1
1
reference_url http://openwall.com/lists/oss-security/2011/09/13/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/13/2
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737366
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737366
3
reference_url http://secunia.com/advisories/46614
reference_id
reference_type
scores
url http://secunia.com/advisories/46614
4
reference_url https://github.com/advisories/GHSA-x88j-93vc-wpmp
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-x88j-93vc-wpmp
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/ac7c3a110f906e4dfed3a17451bf7fd9fcb81296
reference_id
reference_type
scores
url https://github.com/django/django/commit/ac7c3a110f906e4dfed3a17451bf7fd9fcb81296
7
reference_url https://github.com/django/django/commit/fbe2eead2fa9d808658ca582241bcacb02618840
reference_id
reference_type
scores
url https://github.com/django/django/commit/fbe2eead2fa9d808658ca582241bcacb02618840
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-1.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-1.yaml
9
reference_url https://hermes.opensuse.org/messages/14700881
reference_id
reference_type
scores
url https://hermes.opensuse.org/messages/14700881
10
reference_url https://www.djangoproject.com/weblog/2011/sep/09
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09
11
reference_url https://www.djangoproject.com/weblog/2011/sep/09/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09/
12
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127
13
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127/
14
reference_url http://www.debian.org/security/2011/dsa-2332
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2332
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4136
reference_id CVE-2011-4136
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-4136
fixed_packages
0
url pkg:pypi/django@1.2.7
purl pkg:pypi/django@1.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-7g7m-bfe1-wkhd
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bsf-vm3b-ubhw
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-jfya-694v-myar
15
vulnerability VCID-ksh8-pazn-dbca
16
vulnerability VCID-mccp-khb9-qkb7
17
vulnerability VCID-r7tk-79xy-jkhj
18
vulnerability VCID-rq19-9v21-47dy
19
vulnerability VCID-rxxr-sseq-k7a9
20
vulnerability VCID-ta66-7qrm-sbhu
21
vulnerability VCID-u4a7-uvcb-9kf8
22
vulnerability VCID-u6sd-648r-qbdb
23
vulnerability VCID-vdpf-jddk-syda
24
vulnerability VCID-vj5u-2ukv-audq
25
vulnerability VCID-weqb-fxu4-17e7
26
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7
1
url pkg:pypi/django@1.3.1
purl pkg:pypi/django@1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-mccp-khb9-qkb7
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-u4a7-uvcb-9kf8
25
vulnerability VCID-u6sd-648r-qbdb
26
vulnerability VCID-vdpf-jddk-syda
27
vulnerability VCID-vj5u-2ukv-audq
28
vulnerability VCID-weqb-fxu4-17e7
29
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1
aliases CVE-2011-4136, GHSA-x88j-93vc-wpmp, PYSEC-2011-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5brz-383w-pfbb
4
url VCID-5vmb-d4xp-zfgy
vulnerability_id VCID-5vmb-d4xp-zfgy
summary Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
references
0
reference_url http://advisories.mageia.org/MGASA-2015-0026.html
reference_id
reference_type
scores
url http://advisories.mageia.org/MGASA-2015-0026.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
6
reference_url http://secunia.com/advisories/62285
reference_id
reference_type
scores
url http://secunia.com/advisories/62285
7
reference_url http://secunia.com/advisories/62309
reference_id
reference_type
scores
url http://secunia.com/advisories/62309
8
reference_url http://secunia.com/advisories/62718
reference_id
reference_type
scores
url http://secunia.com/advisories/62718
9
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security/
10
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
11
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
12
reference_url http://www.ubuntu.com/usn/USN-2469-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2469-1
fixed_packages
0
url pkg:pypi/django@1.4.18
purl pkg:pypi/django@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.18
1
url pkg:pypi/django@1.6.10
purl pkg:pypi/django@1.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-u6sd-648r-qbdb
10
vulnerability VCID-vacy-878s-3kfb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10
2
url pkg:pypi/django@1.7.3
purl pkg:pypi/django@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vacy-878s-3kfb
13
vulnerability VCID-vdpf-jddk-syda
14
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3
aliases CVE-2015-0219, PYSEC-2015-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vmb-d4xp-zfgy
5
url VCID-66ax-8wdn-1bgb
vulnerability_id VCID-66ax-8wdn-1bgb
summary The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.
references
0
reference_url http://openwall.com/lists/oss-security/2011/09/11/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/11/1
1
reference_url http://openwall.com/lists/oss-security/2011/09/13/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/13/2
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737366
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737366
3
reference_url http://secunia.com/advisories/46614
reference_id
reference_type
scores
url http://secunia.com/advisories/46614
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/1a76dbefdfc60e2d5954c0ba614c3d054ba9c3f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/1a76dbefdfc60e2d5954c0ba614c3d054ba9c3f0
6
reference_url https://github.com/django/django/commit/7268f8af86186518821d775c530d5558fd726930
reference_id
reference_type
scores
url https://github.com/django/django/commit/7268f8af86186518821d775c530d5558fd726930
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-3.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-3.yaml
8
reference_url https://hermes.opensuse.org/messages/14700881
reference_id
reference_type
scores
url https://hermes.opensuse.org/messages/14700881
9
reference_url https://www.djangoproject.com/weblog/2011/sep/09
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09
10
reference_url https://www.djangoproject.com/weblog/2011/sep/09/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09/
11
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127
12
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127/
13
reference_url http://www.debian.org/security/2011/dsa-2332
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2332
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4138
reference_id CVE-2011-4138
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-4138
15
reference_url https://github.com/advisories/GHSA-wxg3-mfph-qg9w
reference_id GHSA-wxg3-mfph-qg9w
reference_type
scores
url https://github.com/advisories/GHSA-wxg3-mfph-qg9w
fixed_packages
0
url pkg:pypi/django@1.2.7
purl pkg:pypi/django@1.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-7g7m-bfe1-wkhd
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bsf-vm3b-ubhw
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-jfya-694v-myar
15
vulnerability VCID-ksh8-pazn-dbca
16
vulnerability VCID-mccp-khb9-qkb7
17
vulnerability VCID-r7tk-79xy-jkhj
18
vulnerability VCID-rq19-9v21-47dy
19
vulnerability VCID-rxxr-sseq-k7a9
20
vulnerability VCID-ta66-7qrm-sbhu
21
vulnerability VCID-u4a7-uvcb-9kf8
22
vulnerability VCID-u6sd-648r-qbdb
23
vulnerability VCID-vdpf-jddk-syda
24
vulnerability VCID-vj5u-2ukv-audq
25
vulnerability VCID-weqb-fxu4-17e7
26
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7
1
url pkg:pypi/django@1.3.1
purl pkg:pypi/django@1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-mccp-khb9-qkb7
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-u4a7-uvcb-9kf8
25
vulnerability VCID-u6sd-648r-qbdb
26
vulnerability VCID-vdpf-jddk-syda
27
vulnerability VCID-vj5u-2ukv-audq
28
vulnerability VCID-weqb-fxu4-17e7
29
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1
aliases CVE-2011-4138, GHSA-wxg3-mfph-qg9w, PYSEC-2011-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66ax-8wdn-1bgb
6
url VCID-6wah-r8vr-5qc4
vulnerability_id VCID-6wah-r8vr-5qc4
summary The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0502.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0504.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0505.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0506.html
4
reference_url https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
reference_id
reference_type
scores
url https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
5
reference_url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
6
reference_url http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3544
7
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
8
reference_url http://www.securityfocus.com/bid/83878
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/83878
9
reference_url http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035152
10
reference_url http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-1
11
reference_url http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-2
12
reference_url http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-3
fixed_packages
0
url pkg:pypi/django@1.8.10
purl pkg:pypi/django@1.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c58g-7jpv-t7hc
4
vulnerability VCID-qy2a-mvpz-q7eh
5
vulnerability VCID-rruq-9scz-vbg8
6
vulnerability VCID-upbz-vg19-rugv
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
9
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10
1
url pkg:pypi/django@1.9.3
purl pkg:pypi/django@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3
aliases CVE-2016-2513, PYSEC-2016-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wah-r8vr-5qc4
7
url VCID-7g7m-bfe1-wkhd
vulnerability_id VCID-7g7m-bfe1-wkhd
summary The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.
references
0
reference_url https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
1
reference_url http://www.debian.org/security/2012/dsa-2529
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2529
2
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
3
reference_url http://www.openwall.com/lists/oss-security/2012/07/31/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/07/31/1
4
reference_url http://www.openwall.com/lists/oss-security/2012/07/31/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/07/31/2
5
reference_url http://www.ubuntu.com/usn/USN-1560-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1560-1
fixed_packages
0
url pkg:pypi/django@1.3.2
purl pkg:pypi/django@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7rz2-nqdn-hycc
8
vulnerability VCID-8gus-er59-1qak
9
vulnerability VCID-8v2c-7739-2ugp
10
vulnerability VCID-912q-3eks-4yfm
11
vulnerability VCID-9mpt-zxaw-kkeg
12
vulnerability VCID-bahz-gfxv-e3b2
13
vulnerability VCID-dh12-js4b-h7fw
14
vulnerability VCID-ffsr-th58-p3ct
15
vulnerability VCID-jfya-694v-myar
16
vulnerability VCID-ksh8-pazn-dbca
17
vulnerability VCID-mccp-khb9-qkb7
18
vulnerability VCID-r7tk-79xy-jkhj
19
vulnerability VCID-rq19-9v21-47dy
20
vulnerability VCID-rxxr-sseq-k7a9
21
vulnerability VCID-ta66-7qrm-sbhu
22
vulnerability VCID-u4a7-uvcb-9kf8
23
vulnerability VCID-u6sd-648r-qbdb
24
vulnerability VCID-vdpf-jddk-syda
25
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.2
1
url pkg:pypi/django@1.4.1
purl pkg:pypi/django@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-71t1-69yq-c7h6
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bqp-b6rw-mye7
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-g2z3-2h8p-c7ge
18
vulnerability VCID-jfya-694v-myar
19
vulnerability VCID-kq8u-td31-uqaa
20
vulnerability VCID-ksh8-pazn-dbca
21
vulnerability VCID-mccp-khb9-qkb7
22
vulnerability VCID-ps24-pjj4-uqd1
23
vulnerability VCID-r7tk-79xy-jkhj
24
vulnerability VCID-rq19-9v21-47dy
25
vulnerability VCID-rxxr-sseq-k7a9
26
vulnerability VCID-ta66-7qrm-sbhu
27
vulnerability VCID-th75-ys47-d3h8
28
vulnerability VCID-u4a7-uvcb-9kf8
29
vulnerability VCID-u6sd-648r-qbdb
30
vulnerability VCID-vdpf-jddk-syda
31
vulnerability VCID-weqb-fxu4-17e7
32
vulnerability VCID-x212-mskt-9bbw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.1
aliases CVE-2012-3443, PYSEC-2012-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7g7m-bfe1-wkhd
8
url VCID-7rz2-nqdn-hycc
vulnerability_id VCID-7rz2-nqdn-hycc
summary The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/59782
reference_id
reference_type
scores
url http://secunia.com/advisories/59782
2
reference_url http://secunia.com/advisories/61276
reference_id
reference_type
scores
url http://secunia.com/advisories/61276
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/45ac9d4fb087d21902469fc22643f5201d41a0cd
reference_id
reference_type
scores
url https://github.com/django/django/commit/45ac9d4fb087d21902469fc22643f5201d41a0cd
6
reference_url https://github.com/django/django/commit/c2fe73133b62a1d9e8f7a6b43966570b14618d7e
reference_id
reference_type
scores
url https://github.com/django/django/commit/c2fe73133b62a1d9e8f7a6b43966570b14618d7e
7
reference_url https://github.com/django/django/commit/da051da8df5e69944745072611351d4cfc6435d5
reference_id
reference_type
scores
url https://github.com/django/django/commit/da051da8df5e69944745072611351d4cfc6435d5
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-4.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-4.yaml
9
reference_url https://web.archive.org/web/20140918034351/http://www.securityfocus.com/bid/69425
reference_id
reference_type
scores
url https://web.archive.org/web/20140918034351/http://www.securityfocus.com/bid/69425
10
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security
11
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security/
12
reference_url http://www.debian.org/security/2014/dsa-3010
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3010
13
reference_url http://www.securityfocus.com/bid/69425
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/69425
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0480
reference_id CVE-2014-0480
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-0480
15
reference_url https://github.com/advisories/GHSA-f7cm-ccfp-3q4r
reference_id GHSA-f7cm-ccfp-3q4r
reference_type
scores
url https://github.com/advisories/GHSA-f7cm-ccfp-3q4r
fixed_packages
0
url pkg:pypi/django@1.4.14
purl pkg:pypi/django@1.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-kq8u-td31-uqaa
10
vulnerability VCID-ksh8-pazn-dbca
11
vulnerability VCID-mccp-khb9-qkb7
12
vulnerability VCID-rxxr-sseq-k7a9
13
vulnerability VCID-ta66-7qrm-sbhu
14
vulnerability VCID-th75-ys47-d3h8
15
vulnerability VCID-u6sd-648r-qbdb
16
vulnerability VCID-vdpf-jddk-syda
17
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.14
1
url pkg:pypi/django@1.5.9
purl pkg:pypi/django@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vdpf-jddk-syda
15
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9
2
url pkg:pypi/django@1.6.6
purl pkg:pypi/django@1.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vacy-878s-3kfb
15
vulnerability VCID-vdpf-jddk-syda
16
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6
aliases CVE-2014-0480, GHSA-f7cm-ccfp-3q4r, PYSEC-2014-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rz2-nqdn-hycc
9
url VCID-8gus-er59-1qak
vulnerability_id VCID-8gus-er59-1qak
summary multiple issues
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
6
reference_url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
7
reference_url http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3835
8
reference_url http://www.securityfocus.com/bid/94068
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94068
9
reference_url http://www.securitytracker.com/id/1037159
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1037159
10
reference_url http://www.ubuntu.com/usn/USN-3115-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3115-1
11
reference_url https://security.archlinux.org/ASA-201611-15
reference_id ASA-201611-15
reference_type
scores
url https://security.archlinux.org/ASA-201611-15
12
reference_url https://security.archlinux.org/AVG-57
reference_id AVG-57
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-57
fixed_packages
0
url pkg:pypi/django@1.8.16
purl pkg:pypi/django@1.8.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-c58g-7jpv-t7hc
2
vulnerability VCID-rruq-9scz-vbg8
3
vulnerability VCID-upbz-vg19-rugv
4
vulnerability VCID-vdpf-jddk-syda
5
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16
1
url pkg:pypi/django@1.9.11
purl pkg:pypi/django@1.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-rruq-9scz-vbg8
2
vulnerability VCID-upbz-vg19-rugv
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11
2
url pkg:pypi/django@1.10.3
purl pkg:pypi/django@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-hpj4-a9fa-4bca
2
vulnerability VCID-rruq-9scz-vbg8
3
vulnerability VCID-upbz-vg19-rugv
4
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3
aliases CVE-2016-9014, PYSEC-2016-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gus-er59-1qak
10
url VCID-8v2c-7739-2ugp
vulnerability_id VCID-8v2c-7739-2ugp
summary The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/59782
reference_id
reference_type
scores
url http://secunia.com/advisories/59782
2
reference_url http://secunia.com/advisories/61276
reference_id
reference_type
scores
url http://secunia.com/advisories/61276
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/027bd348642007617518379f8b02546abacaa6e0
reference_id
reference_type
scores
url https://github.com/django/django/commit/027bd348642007617518379f8b02546abacaa6e0
6
reference_url https://github.com/django/django/commit/2a446c896e7c814661fb9c4f212b071b2a7fa446
reference_id
reference_type
scores
url https://github.com/django/django/commit/2a446c896e7c814661fb9c4f212b071b2a7fa446
7
reference_url https://github.com/django/django/commit/2b31342cdf14fc20e07c43d258f1e7334ad664a6
reference_id
reference_type
scores
url https://github.com/django/django/commit/2b31342cdf14fc20e07c43d258f1e7334ad664a6
8
reference_url https://github.com/django/django/commit/f7c494f2506250b8cb5923714360a3642ed63e0f
reference_id
reference_type
scores
url https://github.com/django/django/commit/f7c494f2506250b8cb5923714360a3642ed63e0f
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-7.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-7.yaml
10
reference_url https://web.archive.org/web/20151016194735/http://secunia.com/advisories/61276
reference_id
reference_type
scores
url https://web.archive.org/web/20151016194735/http://secunia.com/advisories/61276
11
reference_url https://web.archive.org/web/20151016202523/http://secunia.com/advisories/59782
reference_id
reference_type
scores
url https://web.archive.org/web/20151016202523/http://secunia.com/advisories/59782
12
reference_url https://web.archive.org/web/20151023143840/http://secunia.com/advisories/61281
reference_id
reference_type
scores
url https://web.archive.org/web/20151023143840/http://secunia.com/advisories/61281
13
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security
14
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security/
15
reference_url http://www.debian.org/security/2014/dsa-3010
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3010
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0483
reference_id CVE-2014-0483
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-0483
17
reference_url https://github.com/advisories/GHSA-rw75-m7gp-92m3
reference_id GHSA-rw75-m7gp-92m3
reference_type
scores
url https://github.com/advisories/GHSA-rw75-m7gp-92m3
fixed_packages
0
url pkg:pypi/django@1.4.14
purl pkg:pypi/django@1.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-kq8u-td31-uqaa
10
vulnerability VCID-ksh8-pazn-dbca
11
vulnerability VCID-mccp-khb9-qkb7
12
vulnerability VCID-rxxr-sseq-k7a9
13
vulnerability VCID-ta66-7qrm-sbhu
14
vulnerability VCID-th75-ys47-d3h8
15
vulnerability VCID-u6sd-648r-qbdb
16
vulnerability VCID-vdpf-jddk-syda
17
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.14
1
url pkg:pypi/django@1.5.9
purl pkg:pypi/django@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vdpf-jddk-syda
15
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9
2
url pkg:pypi/django@1.6.6
purl pkg:pypi/django@1.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vacy-878s-3kfb
15
vulnerability VCID-vdpf-jddk-syda
16
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6
3
url pkg:pypi/django@1.7rc3
purl pkg:pypi/django@1.7rc3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7rc3
aliases CVE-2014-0483, GHSA-rw75-m7gp-92m3, PYSEC-2014-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8v2c-7739-2ugp
11
url VCID-912q-3eks-4yfm
vulnerability_id VCID-912q-3eks-4yfm
summary The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
references
0
reference_url http://advisories.mageia.org/MGASA-2015-0026.html
reference_id
reference_type
scores
url http://advisories.mageia.org/MGASA-2015-0026.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
5
reference_url http://secunia.com/advisories/62285
reference_id
reference_type
scores
url http://secunia.com/advisories/62285
6
reference_url http://secunia.com/advisories/62309
reference_id
reference_type
scores
url http://secunia.com/advisories/62309
7
reference_url http://secunia.com/advisories/62718
reference_id
reference_type
scores
url http://secunia.com/advisories/62718
8
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security/
9
reference_url http://ubuntu.com/usn/usn-2469-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2469-1
10
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
11
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
fixed_packages
0
url pkg:pypi/django@1.4.18
purl pkg:pypi/django@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.18
1
url pkg:pypi/django@1.6.10
purl pkg:pypi/django@1.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-u6sd-648r-qbdb
10
vulnerability VCID-vacy-878s-3kfb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10
2
url pkg:pypi/django@1.7.3
purl pkg:pypi/django@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vacy-878s-3kfb
13
vulnerability VCID-vdpf-jddk-syda
14
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3
aliases CVE-2015-0220, PYSEC-2015-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-912q-3eks-4yfm
12
url VCID-9bsf-vm3b-ubhw
vulnerability_id VCID-9bsf-vm3b-ubhw
summary The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
references
0
reference_url https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
1
reference_url http://www.debian.org/security/2012/dsa-2529
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2529
2
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
3
reference_url http://www.openwall.com/lists/oss-security/2012/07/31/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/07/31/1
4
reference_url http://www.openwall.com/lists/oss-security/2012/07/31/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/07/31/2
5
reference_url http://www.ubuntu.com/usn/USN-1560-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1560-1
fixed_packages
0
url pkg:pypi/django@1.3.2
purl pkg:pypi/django@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7rz2-nqdn-hycc
8
vulnerability VCID-8gus-er59-1qak
9
vulnerability VCID-8v2c-7739-2ugp
10
vulnerability VCID-912q-3eks-4yfm
11
vulnerability VCID-9mpt-zxaw-kkeg
12
vulnerability VCID-bahz-gfxv-e3b2
13
vulnerability VCID-dh12-js4b-h7fw
14
vulnerability VCID-ffsr-th58-p3ct
15
vulnerability VCID-jfya-694v-myar
16
vulnerability VCID-ksh8-pazn-dbca
17
vulnerability VCID-mccp-khb9-qkb7
18
vulnerability VCID-r7tk-79xy-jkhj
19
vulnerability VCID-rq19-9v21-47dy
20
vulnerability VCID-rxxr-sseq-k7a9
21
vulnerability VCID-ta66-7qrm-sbhu
22
vulnerability VCID-u4a7-uvcb-9kf8
23
vulnerability VCID-u6sd-648r-qbdb
24
vulnerability VCID-vdpf-jddk-syda
25
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.2
1
url pkg:pypi/django@1.4.1
purl pkg:pypi/django@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-71t1-69yq-c7h6
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bqp-b6rw-mye7
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-g2z3-2h8p-c7ge
18
vulnerability VCID-jfya-694v-myar
19
vulnerability VCID-kq8u-td31-uqaa
20
vulnerability VCID-ksh8-pazn-dbca
21
vulnerability VCID-mccp-khb9-qkb7
22
vulnerability VCID-ps24-pjj4-uqd1
23
vulnerability VCID-r7tk-79xy-jkhj
24
vulnerability VCID-rq19-9v21-47dy
25
vulnerability VCID-rxxr-sseq-k7a9
26
vulnerability VCID-ta66-7qrm-sbhu
27
vulnerability VCID-th75-ys47-d3h8
28
vulnerability VCID-u4a7-uvcb-9kf8
29
vulnerability VCID-u6sd-648r-qbdb
30
vulnerability VCID-vdpf-jddk-syda
31
vulnerability VCID-weqb-fxu4-17e7
32
vulnerability VCID-x212-mskt-9bbw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.1
aliases CVE-2012-3442, PYSEC-2012-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bsf-vm3b-ubhw
13
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
14
url VCID-bahz-gfxv-e3b2
vulnerability_id VCID-bahz-gfxv-e3b2
summary The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b
reference_id
reference_type
scores
url https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b
6
reference_url https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1
reference_id
reference_type
scores
url https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1
7
reference_url https://github.com/django/django/commit/5510f070711540aaa8d3707776cd77494e688ef9
reference_id
reference_type
scores
url https://github.com/django/django/commit/5510f070711540aaa8d3707776cd77494e688ef9
8
reference_url https://github.com/django/django/commit/770427c2896a078925abfca2317486b284d22f04
reference_id
reference_type
scores
url https://github.com/django/django/commit/770427c2896a078925abfca2317486b284d22f04
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-9.yaml
10
reference_url https://web.archive.org/web/20200228131706/http://www.securityfocus.com/bid/73319
reference_id
reference_type
scores
url https://web.archive.org/web/20200228131706/http://www.securityfocus.com/bid/73319
11
reference_url https://www.djangoproject.com/weblog/2015/mar/18/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/18/security-releases
12
reference_url https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
13
reference_url http://ubuntu.com/usn/usn-2539-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2539-1
14
reference_url http://www.debian.org/security/2015/dsa-3204
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3204
15
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:195
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:195
16
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
17
reference_url http://www.securityfocus.com/bid/73319
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/73319
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-2317
reference_id CVE-2015-2317
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-2317
19
reference_url https://github.com/advisories/GHSA-7fq8-4pv5-5w5c
reference_id GHSA-7fq8-4pv5-5w5c
reference_type
scores
url https://github.com/advisories/GHSA-7fq8-4pv5-5w5c
fixed_packages
0
url pkg:pypi/django@1.4.20
purl pkg:pypi/django@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-jfya-694v-myar
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-th75-ys47-d3h8
10
vulnerability VCID-u6sd-648r-qbdb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.20
1
url pkg:pypi/django@1.6.11
purl pkg:pypi/django@1.6.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-jfya-694v-myar
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-mccp-khb9-qkb7
7
vulnerability VCID-rxxr-sseq-k7a9
8
vulnerability VCID-u6sd-648r-qbdb
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.11
2
url pkg:pypi/django@1.7.7
purl pkg:pypi/django@1.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-jfya-694v-myar
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-th75-ys47-d3h8
10
vulnerability VCID-vdpf-jddk-syda
11
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7
3
url pkg:pypi/django@1.8rc1
purl pkg:pypi/django@1.8rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8rc1
aliases CVE-2015-2317, GHSA-7fq8-4pv5-5w5c, PYSEC-2015-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bahz-gfxv-e3b2
15
url VCID-dh12-js4b-h7fw
vulnerability_id VCID-dh12-js4b-h7fw
summary ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.
references
0
reference_url http://advisories.mageia.org/MGASA-2015-0026.html
reference_id
reference_type
scores
url http://advisories.mageia.org/MGASA-2015-0026.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
6
reference_url http://secunia.com/advisories/62285
reference_id
reference_type
scores
url http://secunia.com/advisories/62285
7
reference_url http://secunia.com/advisories/62309
reference_id
reference_type
scores
url http://secunia.com/advisories/62309
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/bcfb47780ce7caecb409a9e9c1c314266e41d392
reference_id
reference_type
scores
url https://github.com/django/django/commit/bcfb47780ce7caecb409a9e9c1c314266e41d392
10
reference_url https://github.com/django/django/commit/d7a06ee7e571b6dad07c0f5b519b1db02e2a476c
reference_id
reference_type
scores
url https://github.com/django/django/commit/d7a06ee7e571b6dad07c0f5b519b1db02e2a476c
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-7.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-7.yaml
12
reference_url https://web.archive.org/web/20161201073154/http://secunia.com/advisories/62285
reference_id
reference_type
scores
url https://web.archive.org/web/20161201073154/http://secunia.com/advisories/62285
13
reference_url https://web.archive.org/web/20161201073337/http://secunia.com/advisories/62309
reference_id
reference_type
scores
url https://web.archive.org/web/20161201073337/http://secunia.com/advisories/62309
14
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security
15
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security/
16
reference_url http://ubuntu.com/usn/usn-2469-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2469-1
17
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0222
reference_id CVE-2015-0222
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-0222
19
reference_url https://github.com/advisories/GHSA-6g95-x6cj-mg4v
reference_id GHSA-6g95-x6cj-mg4v
reference_type
scores
url https://github.com/advisories/GHSA-6g95-x6cj-mg4v
fixed_packages
0
url pkg:pypi/django@1.4.18
purl pkg:pypi/django@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.18
1
url pkg:pypi/django@1.6.10
purl pkg:pypi/django@1.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-u6sd-648r-qbdb
10
vulnerability VCID-vacy-878s-3kfb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10
2
url pkg:pypi/django@1.7.3
purl pkg:pypi/django@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vacy-878s-3kfb
13
vulnerability VCID-vdpf-jddk-syda
14
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3
aliases CVE-2015-0222, GHSA-6g95-x6cj-mg4v, PYSEC-2015-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh12-js4b-h7fw
16
url VCID-ffsr-th58-p3ct
vulnerability_id VCID-ffsr-th58-p3ct
summary The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0456.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0456.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0457.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0457.html
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://www.djangoproject.com/weblog/2014/apr/21/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/apr/21/security/
5
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
6
reference_url http://www.ubuntu.com/usn/USN-2169-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2169-1
fixed_packages
0
url pkg:pypi/django@1.4.11
purl pkg:pypi/django@1.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-kq8u-td31-uqaa
14
vulnerability VCID-ksh8-pazn-dbca
15
vulnerability VCID-mccp-khb9-qkb7
16
vulnerability VCID-r7tk-79xy-jkhj
17
vulnerability VCID-rxxr-sseq-k7a9
18
vulnerability VCID-ta66-7qrm-sbhu
19
vulnerability VCID-th75-ys47-d3h8
20
vulnerability VCID-u4a7-uvcb-9kf8
21
vulnerability VCID-u6sd-648r-qbdb
22
vulnerability VCID-vdpf-jddk-syda
23
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.11
1
url pkg:pypi/django@1.5.6
purl pkg:pypi/django@1.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6
2
url pkg:pypi/django@1.6.3
purl pkg:pypi/django@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vacy-878s-3kfb
21
vulnerability VCID-vdpf-jddk-syda
22
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3
aliases CVE-2014-0474, PYSEC-2014-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ffsr-th58-p3ct
17
url VCID-jfya-694v-myar
vulnerability_id VCID-jfya-694v-myar
summary The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-1678.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1678.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2015-1686.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1686.html
5
reference_url https://github.com/advisories/GHSA-h582-2pch-3xv3
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h582-2pch-3xv3
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
reference_id
reference_type
scores
url https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
8
reference_url https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
reference_id
reference_type
scores
url https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
9
reference_url https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
reference_id
reference_type
scores
url https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
11
reference_url https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201510-06
12
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases
13
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
14
reference_url http://www.debian.org/security/2015/dsa-3305
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3305
15
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
16
reference_url http://www.securityfocus.com/bid/75666
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75666
17
reference_url http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1032820
18
reference_url http://www.ubuntu.com/usn/USN-2671-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2671-1
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5143
reference_id CVE-2015-5143
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5143
fixed_packages
0
url pkg:pypi/django@1.4.21
purl pkg:pypi/django@1.4.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-kq8u-td31-uqaa
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-rxxr-sseq-k7a9
7
vulnerability VCID-th75-ys47-d3h8
8
vulnerability VCID-u6sd-648r-qbdb
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.21
1
url pkg:pypi/django@1.7.9
purl pkg:pypi/django@1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-kq8u-td31-uqaa
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-rxxr-sseq-k7a9
7
vulnerability VCID-th75-ys47-d3h8
8
vulnerability VCID-vdpf-jddk-syda
9
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9
2
url pkg:pypi/django@1.8.3
purl pkg:pypi/django@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-qy2a-mvpz-q7eh
8
vulnerability VCID-rruq-9scz-vbg8
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-upbz-vg19-rugv
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
13
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3
aliases CVE-2015-5143, GHSA-h582-2pch-3xv3, PYSEC-2015-20
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfya-694v-myar
18
url VCID-ksh8-pazn-dbca
vulnerability_id VCID-ksh8-pazn-dbca
summary The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0502.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0504.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0505.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0506.html
4
reference_url https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
5
reference_url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
6
reference_url http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3544
7
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
8
reference_url http://www.securityfocus.com/bid/83879
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/83879
9
reference_url http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035152
10
reference_url http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-1
11
reference_url http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-2
12
reference_url http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-3
fixed_packages
0
url pkg:pypi/django@1.8.10
purl pkg:pypi/django@1.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c58g-7jpv-t7hc
4
vulnerability VCID-qy2a-mvpz-q7eh
5
vulnerability VCID-rruq-9scz-vbg8
6
vulnerability VCID-upbz-vg19-rugv
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
9
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10
1
url pkg:pypi/django@1.9.3
purl pkg:pypi/django@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3
aliases CVE-2016-2512, PYSEC-2016-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksh8-pazn-dbca
19
url VCID-kuyz-3pxs-r7cv
vulnerability_id VCID-kuyz-3pxs-r7cv
summary Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html
2
reference_url http://openwall.com/lists/oss-security/2011/02/09/6
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/02/09/6
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=676357
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=676357
4
reference_url http://secunia.com/advisories/43230
reference_id
reference_type
scores
url http://secunia.com/advisories/43230
5
reference_url http://secunia.com/advisories/43297
reference_id
reference_type
scores
url http://secunia.com/advisories/43297
6
reference_url http://secunia.com/advisories/43382
reference_id
reference_type
scores
url http://secunia.com/advisories/43382
7
reference_url http://secunia.com/advisories/43426
reference_id
reference_type
scores
url http://secunia.com/advisories/43426
8
reference_url https://github.com/advisories/GHSA-5j2h-h5hg-3wf8
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5j2h-h5hg-3wf8
9
reference_url https://github.com/django/django/commit/408c5c873ce1437c7eee9544ff279ecbad7e150a
reference_id
reference_type
scores
url https://github.com/django/django/commit/408c5c873ce1437c7eee9544ff279ecbad7e150a
10
reference_url https://github.com/django/django/commit/818e70344e7193f6ebc73c82ed574e6ce3c91afc
reference_id
reference_type
scores
url https://github.com/django/django/commit/818e70344e7193f6ebc73c82ed574e6ce3c91afc
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-10.yaml
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-30.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-30.yaml
13
reference_url http://www.debian.org/security/2011/dsa-2163
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2163
14
reference_url http://www.djangoproject.com/weblog/2011/feb/08/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2011/feb/08/security/
15
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
16
reference_url http://www.securityfocus.com/bid/46296
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46296
17
reference_url http://www.ubuntu.com/usn/USN-1066-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1066-1
18
reference_url http://www.vupen.com/english/advisories/2011/0372
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0372
19
reference_url http://www.vupen.com/english/advisories/2011/0388
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0388
20
reference_url http://www.vupen.com/english/advisories/2011/0429
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0429
21
reference_url http://www.vupen.com/english/advisories/2011/0439
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0439
22
reference_url http://www.vupen.com/english/advisories/2011/0441
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0441
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0696
reference_id CVE-2011-0696
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-0696
fixed_packages
0
url pkg:pypi/django@1.2.5
purl pkg:pypi/django@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38e1-hepp-vkg9
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-5brz-383w-pfbb
4
vulnerability VCID-5vmb-d4xp-zfgy
5
vulnerability VCID-66ax-8wdn-1bgb
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-mccp-khb9-qkb7
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-u4a7-uvcb-9kf8
25
vulnerability VCID-u5u9-xbb6-93hc
26
vulnerability VCID-u6sd-648r-qbdb
27
vulnerability VCID-vdpf-jddk-syda
28
vulnerability VCID-vj5u-2ukv-audq
29
vulnerability VCID-weqb-fxu4-17e7
30
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.5
aliases CVE-2011-0696, GHSA-5j2h-h5hg-3wf8, PYSEC-2011-10, PYSEC-2011-30
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kuyz-3pxs-r7cv
20
url VCID-mccp-khb9-qkb7
vulnerability_id VCID-mccp-khb9-qkb7
summary Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
3
reference_url https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201510-06
4
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
5
reference_url http://www.debian.org/security/2015/dsa-3305
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3305
6
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
7
reference_url http://www.securityfocus.com/bid/75665
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75665
8
reference_url http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1032820
9
reference_url http://www.ubuntu.com/usn/USN-2671-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2671-1
fixed_packages
0
url pkg:pypi/django@1.4.21
purl pkg:pypi/django@1.4.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-kq8u-td31-uqaa
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-rxxr-sseq-k7a9
7
vulnerability VCID-th75-ys47-d3h8
8
vulnerability VCID-u6sd-648r-qbdb
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.21
1
url pkg:pypi/django@1.7.9
purl pkg:pypi/django@1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-kq8u-td31-uqaa
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-rxxr-sseq-k7a9
7
vulnerability VCID-th75-ys47-d3h8
8
vulnerability VCID-vdpf-jddk-syda
9
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9
2
url pkg:pypi/django@1.8.3
purl pkg:pypi/django@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-qy2a-mvpz-q7eh
8
vulnerability VCID-rruq-9scz-vbg8
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-upbz-vg19-rugv
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
13
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3
aliases CVE-2015-5144, PYSEC-2015-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mccp-khb9-qkb7
21
url VCID-n6ps-f6s6-zkbj
vulnerability_id VCID-n6ps-f6s6-zkbj
summary Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html
2
reference_url http://openwall.com/lists/oss-security/2011/02/09/6
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/02/09/6
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=676359
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=676359
4
reference_url http://secunia.com/advisories/43230
reference_id
reference_type
scores
url http://secunia.com/advisories/43230
5
reference_url http://secunia.com/advisories/43297
reference_id
reference_type
scores
url http://secunia.com/advisories/43297
6
reference_url http://secunia.com/advisories/43382
reference_id
reference_type
scores
url http://secunia.com/advisories/43382
7
reference_url http://secunia.com/advisories/43426
reference_id
reference_type
scores
url http://secunia.com/advisories/43426
8
reference_url https://github.com/advisories/GHSA-8m3r-rv5g-fcpq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8m3r-rv5g-fcpq
9
reference_url https://github.com/django/django/commit/1966786d2dde73e17f39cf340eb33fcb5d73904e
reference_id
reference_type
scores
url https://github.com/django/django/commit/1966786d2dde73e17f39cf340eb33fcb5d73904e
10
reference_url https://github.com/django/django/commit/1f814a9547842dcfabdae09573055984af9d3fab
reference_id
reference_type
scores
url https://github.com/django/django/commit/1f814a9547842dcfabdae09573055984af9d3fab
11
reference_url https://github.com/django/django/commit/90be6ca20d607977dec234ec972b77b83955749b
reference_id
reference_type
scores
url https://github.com/django/django/commit/90be6ca20d607977dec234ec972b77b83955749b
12
reference_url https://github.com/django/django/commit/a9cf3d23724ff6918103e86aa863eadd1fab811d
reference_id
reference_type
scores
url https://github.com/django/django/commit/a9cf3d23724ff6918103e86aa863eadd1fab811d
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-11.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-11.yaml
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-31.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-31.yaml
15
reference_url https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
reference_id
reference_type
scores
url https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
16
reference_url https://web.archive.org/web/20110521033304/http://secunia.com/advisories/43297
reference_id
reference_type
scores
url https://web.archive.org/web/20110521033304/http://secunia.com/advisories/43297
17
reference_url https://web.archive.org/web/20110521033309/http://secunia.com/advisories/43382
reference_id
reference_type
scores
url https://web.archive.org/web/20110521033309/http://secunia.com/advisories/43382
18
reference_url https://web.archive.org/web/20110521033314/http://secunia.com/advisories/43426
reference_id
reference_type
scores
url https://web.archive.org/web/20110521033314/http://secunia.com/advisories/43426
19
reference_url https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296
reference_id
reference_type
scores
url https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296
20
reference_url http://www.debian.org/security/2011/dsa-2163
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2163
21
reference_url http://www.djangoproject.com/weblog/2011/feb/08/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2011/feb/08/security/
22
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
23
reference_url http://www.securityfocus.com/bid/46296
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46296
24
reference_url http://www.ubuntu.com/usn/USN-1066-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1066-1
25
reference_url http://www.vupen.com/english/advisories/2011/0372
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0372
26
reference_url http://www.vupen.com/english/advisories/2011/0388
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0388
27
reference_url http://www.vupen.com/english/advisories/2011/0429
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0429
28
reference_url http://www.vupen.com/english/advisories/2011/0439
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0439
29
reference_url http://www.vupen.com/english/advisories/2011/0441
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0441
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0697
reference_id CVE-2011-0697
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-0697
fixed_packages
0
url pkg:pypi/django@1.2.5
purl pkg:pypi/django@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38e1-hepp-vkg9
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-5brz-383w-pfbb
4
vulnerability VCID-5vmb-d4xp-zfgy
5
vulnerability VCID-66ax-8wdn-1bgb
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-mccp-khb9-qkb7
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-u4a7-uvcb-9kf8
25
vulnerability VCID-u5u9-xbb6-93hc
26
vulnerability VCID-u6sd-648r-qbdb
27
vulnerability VCID-vdpf-jddk-syda
28
vulnerability VCID-vj5u-2ukv-audq
29
vulnerability VCID-weqb-fxu4-17e7
30
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.5
aliases CVE-2011-0697, GHSA-8m3r-rv5g-fcpq, PYSEC-2011-11, PYSEC-2011-31
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6ps-f6s6-zkbj
22
url VCID-r7tk-79xy-jkhj
vulnerability_id VCID-r7tk-79xy-jkhj
summary The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/59782
reference_id
reference_type
scores
url http://secunia.com/advisories/59782
2
reference_url http://secunia.com/advisories/61276
reference_id
reference_type
scores
url http://secunia.com/advisories/61276
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/26cd48e166ac4d84317c8ee6d63ac52a87e8da99
reference_id
reference_type
scores
url https://github.com/django/django/commit/26cd48e166ac4d84317c8ee6d63ac52a87e8da99
6
reference_url https://github.com/django/django/commit/30042d475bf084c6723c6217a21598d9247a9c41
reference_id
reference_type
scores
url https://github.com/django/django/commit/30042d475bf084c6723c6217a21598d9247a9c41
7
reference_url https://github.com/django/django/commit/dd0c3f4ee1a30c1a1e6055061c6ba6e58c6b54d1
reference_id
reference_type
scores
url https://github.com/django/django/commit/dd0c3f4ee1a30c1a1e6055061c6ba6e58c6b54d1
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-5.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-5.yaml
9
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security
10
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security/
11
reference_url http://www.debian.org/security/2014/dsa-3010
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3010
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0481
reference_id CVE-2014-0481
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-0481
13
reference_url https://github.com/advisories/GHSA-296w-6qhq-gf92
reference_id GHSA-296w-6qhq-gf92
reference_type
scores
url https://github.com/advisories/GHSA-296w-6qhq-gf92
fixed_packages
0
url pkg:pypi/django@1.4.14
purl pkg:pypi/django@1.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-kq8u-td31-uqaa
10
vulnerability VCID-ksh8-pazn-dbca
11
vulnerability VCID-mccp-khb9-qkb7
12
vulnerability VCID-rxxr-sseq-k7a9
13
vulnerability VCID-ta66-7qrm-sbhu
14
vulnerability VCID-th75-ys47-d3h8
15
vulnerability VCID-u6sd-648r-qbdb
16
vulnerability VCID-vdpf-jddk-syda
17
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.14
1
url pkg:pypi/django@1.5.9
purl pkg:pypi/django@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vdpf-jddk-syda
15
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9
2
url pkg:pypi/django@1.6.6
purl pkg:pypi/django@1.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vacy-878s-3kfb
15
vulnerability VCID-vdpf-jddk-syda
16
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6
aliases CVE-2014-0481, GHSA-296w-6qhq-gf92, PYSEC-2014-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7tk-79xy-jkhj
23
url VCID-rq19-9v21-47dy
vulnerability_id VCID-rq19-9v21-47dy
summary The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0456.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0456.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0457.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0457.html
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://www.djangoproject.com/weblog/2014/apr/21/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/apr/21/security/
5
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
6
reference_url http://www.ubuntu.com/usn/USN-2169-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2169-1
fixed_packages
0
url pkg:pypi/django@1.4.11
purl pkg:pypi/django@1.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-kq8u-td31-uqaa
14
vulnerability VCID-ksh8-pazn-dbca
15
vulnerability VCID-mccp-khb9-qkb7
16
vulnerability VCID-r7tk-79xy-jkhj
17
vulnerability VCID-rxxr-sseq-k7a9
18
vulnerability VCID-ta66-7qrm-sbhu
19
vulnerability VCID-th75-ys47-d3h8
20
vulnerability VCID-u4a7-uvcb-9kf8
21
vulnerability VCID-u6sd-648r-qbdb
22
vulnerability VCID-vdpf-jddk-syda
23
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.11
1
url pkg:pypi/django@1.5.6
purl pkg:pypi/django@1.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6
2
url pkg:pypi/django@1.6.3
purl pkg:pypi/django@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vacy-878s-3kfb
21
vulnerability VCID-vdpf-jddk-syda
22
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3
aliases CVE-2014-0472, PYSEC-2014-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rq19-9v21-47dy
24
url VCID-rxxr-sseq-k7a9
vulnerability_id VCID-rxxr-sseq-k7a9
summary The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-0129.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0129.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0156.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0156.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-0157.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0157.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2016-0158.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0158.html
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
reference_id
reference_type
scores
url https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
10
reference_url https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
reference_id
reference_type
scores
url https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
11
reference_url https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
reference_id
reference_type
scores
url https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
12
reference_url https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
reference_id
reference_type
scores
url https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
14
reference_url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
15
reference_url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
16
reference_url http://www.debian.org/security/2015/dsa-3404
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3404
17
reference_url http://www.securityfocus.com/bid/77750
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/77750
18
reference_url http://www.securitytracker.com/id/1034237
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1034237
19
reference_url http://www.ubuntu.com/usn/USN-2816-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2816-1
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8213
reference_id CVE-2015-8213
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-8213
21
reference_url https://github.com/advisories/GHSA-6wcr-wcqm-3mfh
reference_id GHSA-6wcr-wcqm-3mfh
reference_type
scores
url https://github.com/advisories/GHSA-6wcr-wcqm-3mfh
fixed_packages
0
url pkg:pypi/django@1.7.11
purl pkg:pypi/django@1.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.11
1
url pkg:pypi/django@1.8.7
purl pkg:pypi/django@1.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-qy2a-mvpz-q7eh
7
vulnerability VCID-rruq-9scz-vbg8
8
vulnerability VCID-upbz-vg19-rugv
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
11
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.7
2
url pkg:pypi/django@1.9rc2
purl pkg:pypi/django@1.9rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9rc2
aliases CVE-2015-8213, GHSA-6wcr-wcqm-3mfh, PYSEC-2015-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxxr-sseq-k7a9
25
url VCID-ta66-7qrm-sbhu
vulnerability_id VCID-ta66-7qrm-sbhu
summary The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
references
0
reference_url http://advisories.mageia.org/MGASA-2015-0026.html
reference_id
reference_type
scores
url http://advisories.mageia.org/MGASA-2015-0026.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
6
reference_url http://secunia.com/advisories/62285
reference_id
reference_type
scores
url http://secunia.com/advisories/62285
7
reference_url http://secunia.com/advisories/62309
reference_id
reference_type
scores
url http://secunia.com/advisories/62309
8
reference_url http://secunia.com/advisories/62718
reference_id
reference_type
scores
url http://secunia.com/advisories/62718
9
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security/
10
reference_url http://ubuntu.com/usn/usn-2469-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2469-1
11
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
12
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
fixed_packages
0
url pkg:pypi/django@1.4.18
purl pkg:pypi/django@1.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.18
1
url pkg:pypi/django@1.6.10
purl pkg:pypi/django@1.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-u6sd-648r-qbdb
10
vulnerability VCID-vacy-878s-3kfb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10
2
url pkg:pypi/django@1.7.3
purl pkg:pypi/django@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vacy-878s-3kfb
13
vulnerability VCID-vdpf-jddk-syda
14
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3
aliases CVE-2015-0221, PYSEC-2015-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ta66-7qrm-sbhu
26
url VCID-u4a7-uvcb-9kf8
vulnerability_id VCID-u4a7-uvcb-9kf8
summary The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/59782
reference_id
reference_type
scores
url http://secunia.com/advisories/59782
2
reference_url http://secunia.com/advisories/61276
reference_id
reference_type
scores
url http://secunia.com/advisories/61276
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/blob/aa3cb3f37265be37d892e2b391ff023e9caee2a4/docs/releases/1.5.9.txt#L42
reference_id
reference_type
scores
url https://github.com/django/django/blob/aa3cb3f37265be37d892e2b391ff023e9caee2a4/docs/releases/1.5.9.txt#L42
6
reference_url https://github.com/django/django/commit/0268b855f9eab3377f2821164ef3e66037789e09
reference_id
reference_type
scores
url https://github.com/django/django/commit/0268b855f9eab3377f2821164ef3e66037789e09
7
reference_url https://github.com/django/django/commit/5307ce565fbedb9cc27cbe7c757b41a00438d37c
reference_id
reference_type
scores
url https://github.com/django/django/commit/5307ce565fbedb9cc27cbe7c757b41a00438d37c
8
reference_url https://github.com/django/django/commit/c9e3b9949cd55f090591fbdc4a114fcb8368b6d9
reference_id
reference_type
scores
url https://github.com/django/django/commit/c9e3b9949cd55f090591fbdc4a114fcb8368b6d9
9
reference_url https://github.com/django/django/commit/dd68f319b365f6cb38c5a6c106faf4f6142d7d88
reference_id
reference_type
scores
url https://github.com/django/django/commit/dd68f319b365f6cb38c5a6c106faf4f6142d7d88
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-6.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-6.yaml
11
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security
12
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security/
13
reference_url http://www.debian.org/security/2014/dsa-3010
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3010
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0482
reference_id CVE-2014-0482
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-0482
15
reference_url https://github.com/advisories/GHSA-625g-gx8c-xcmg
reference_id GHSA-625g-gx8c-xcmg
reference_type
scores
url https://github.com/advisories/GHSA-625g-gx8c-xcmg
fixed_packages
0
url pkg:pypi/django@1.4.14
purl pkg:pypi/django@1.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-kq8u-td31-uqaa
10
vulnerability VCID-ksh8-pazn-dbca
11
vulnerability VCID-mccp-khb9-qkb7
12
vulnerability VCID-rxxr-sseq-k7a9
13
vulnerability VCID-ta66-7qrm-sbhu
14
vulnerability VCID-th75-ys47-d3h8
15
vulnerability VCID-u6sd-648r-qbdb
16
vulnerability VCID-vdpf-jddk-syda
17
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.14
1
url pkg:pypi/django@1.5.9
purl pkg:pypi/django@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vdpf-jddk-syda
15
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9
2
url pkg:pypi/django@1.6.6
purl pkg:pypi/django@1.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vacy-878s-3kfb
15
vulnerability VCID-vdpf-jddk-syda
16
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6
3
url pkg:pypi/django@1.7rc3
purl pkg:pypi/django@1.7rc3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7rc3
aliases CVE-2014-0482, GHSA-625g-gx8c-xcmg, PYSEC-2014-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4a7-uvcb-9kf8
27
url VCID-u5u9-xbb6-93hc
vulnerability_id VCID-u5u9-xbb6-93hc
summary Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.
references
0
reference_url http://openwall.com/lists/oss-security/2011/09/11/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/11/1
1
reference_url http://openwall.com/lists/oss-security/2011/09/13/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/13/2
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737366
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737366
3
reference_url http://secunia.com/advisories/46614
reference_id
reference_type
scores
url http://secunia.com/advisories/46614
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/2f7fadc38efa58ac0a8f93f936b82332a199f396
reference_id
reference_type
scores
url https://github.com/django/django/commit/2f7fadc38efa58ac0a8f93f936b82332a199f396
6
reference_url https://github.com/django/django/commit/c613af4d6485586c79d692b70a9acac429f3ca9d
reference_id
reference_type
scores
url https://github.com/django/django/commit/c613af4d6485586c79d692b70a9acac429f3ca9d
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-4.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-4.yaml
8
reference_url https://hermes.opensuse.org/messages/14700881
reference_id
reference_type
scores
url https://hermes.opensuse.org/messages/14700881
9
reference_url https://www.djangoproject.com/weblog/2011/sep/09
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09
10
reference_url https://www.djangoproject.com/weblog/2011/sep/09/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09/
11
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127
12
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127/
13
reference_url http://www.debian.org/security/2011/dsa-2332
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2332
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4139
reference_id CVE-2011-4139
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-4139
15
reference_url https://github.com/advisories/GHSA-rm2j-x595-q9cj
reference_id GHSA-rm2j-x595-q9cj
reference_type
scores
url https://github.com/advisories/GHSA-rm2j-x595-q9cj
fixed_packages
0
url pkg:pypi/django@1.2.7
purl pkg:pypi/django@1.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-7g7m-bfe1-wkhd
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bsf-vm3b-ubhw
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-jfya-694v-myar
15
vulnerability VCID-ksh8-pazn-dbca
16
vulnerability VCID-mccp-khb9-qkb7
17
vulnerability VCID-r7tk-79xy-jkhj
18
vulnerability VCID-rq19-9v21-47dy
19
vulnerability VCID-rxxr-sseq-k7a9
20
vulnerability VCID-ta66-7qrm-sbhu
21
vulnerability VCID-u4a7-uvcb-9kf8
22
vulnerability VCID-u6sd-648r-qbdb
23
vulnerability VCID-vdpf-jddk-syda
24
vulnerability VCID-vj5u-2ukv-audq
25
vulnerability VCID-weqb-fxu4-17e7
26
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7
1
url pkg:pypi/django@1.3.1
purl pkg:pypi/django@1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-mccp-khb9-qkb7
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-u4a7-uvcb-9kf8
25
vulnerability VCID-u6sd-648r-qbdb
26
vulnerability VCID-vdpf-jddk-syda
27
vulnerability VCID-vj5u-2ukv-audq
28
vulnerability VCID-weqb-fxu4-17e7
29
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1
aliases CVE-2011-4139, GHSA-rm2j-x595-q9cj, PYSEC-2011-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5u9-xbb6-93hc
28
url VCID-u6sd-648r-qbdb
vulnerability_id VCID-u6sd-648r-qbdb
summary Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
references
0
reference_url https://code.djangoproject.com/ticket/24461
reference_id
reference_type
scores
url https://code.djangoproject.com/ticket/24461
1
reference_url https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
2
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
3
reference_url http://www.securityfocus.com/bid/73095
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/73095
fixed_packages
0
url pkg:pypi/django@1.7.6
purl pkg:pypi/django@1.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-vacy-878s-3kfb
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.6
1
url pkg:pypi/django@1.8b2
purl pkg:pypi/django@1.8b2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-vacy-878s-3kfb
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8b2
aliases CVE-2015-2241, PYSEC-2015-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6sd-648r-qbdb
29
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
4
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
6
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/9
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
9
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
10
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4598
11
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
12
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
30
url VCID-vj5u-2ukv-audq
vulnerability_id VCID-vj5u-2ukv-audq
summary The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.
references
0
reference_url https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
1
reference_url http://www.debian.org/security/2012/dsa-2529
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2529
2
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2012:143
3
reference_url http://www.openwall.com/lists/oss-security/2012/07/31/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/07/31/1
4
reference_url http://www.openwall.com/lists/oss-security/2012/07/31/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/07/31/2
5
reference_url http://www.ubuntu.com/usn/USN-1560-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1560-1
fixed_packages
0
url pkg:pypi/django@1.3.2
purl pkg:pypi/django@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7rz2-nqdn-hycc
8
vulnerability VCID-8gus-er59-1qak
9
vulnerability VCID-8v2c-7739-2ugp
10
vulnerability VCID-912q-3eks-4yfm
11
vulnerability VCID-9mpt-zxaw-kkeg
12
vulnerability VCID-bahz-gfxv-e3b2
13
vulnerability VCID-dh12-js4b-h7fw
14
vulnerability VCID-ffsr-th58-p3ct
15
vulnerability VCID-jfya-694v-myar
16
vulnerability VCID-ksh8-pazn-dbca
17
vulnerability VCID-mccp-khb9-qkb7
18
vulnerability VCID-r7tk-79xy-jkhj
19
vulnerability VCID-rq19-9v21-47dy
20
vulnerability VCID-rxxr-sseq-k7a9
21
vulnerability VCID-ta66-7qrm-sbhu
22
vulnerability VCID-u4a7-uvcb-9kf8
23
vulnerability VCID-u6sd-648r-qbdb
24
vulnerability VCID-vdpf-jddk-syda
25
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.2
1
url pkg:pypi/django@1.4.1
purl pkg:pypi/django@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-71t1-69yq-c7h6
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bqp-b6rw-mye7
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-g2z3-2h8p-c7ge
18
vulnerability VCID-jfya-694v-myar
19
vulnerability VCID-kq8u-td31-uqaa
20
vulnerability VCID-ksh8-pazn-dbca
21
vulnerability VCID-mccp-khb9-qkb7
22
vulnerability VCID-ps24-pjj4-uqd1
23
vulnerability VCID-r7tk-79xy-jkhj
24
vulnerability VCID-rq19-9v21-47dy
25
vulnerability VCID-rxxr-sseq-k7a9
26
vulnerability VCID-ta66-7qrm-sbhu
27
vulnerability VCID-th75-ys47-d3h8
28
vulnerability VCID-u4a7-uvcb-9kf8
29
vulnerability VCID-u6sd-648r-qbdb
30
vulnerability VCID-vdpf-jddk-syda
31
vulnerability VCID-weqb-fxu4-17e7
32
vulnerability VCID-x212-mskt-9bbw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.1
aliases CVE-2012-3444, PYSEC-2012-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vj5u-2ukv-audq
31
url VCID-weqb-fxu4-17e7
vulnerability_id VCID-weqb-fxu4-17e7
summary The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-2038.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2038.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-2039.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2039.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-2040.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2040.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-2041.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2041.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-2042.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2042.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-2043.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2043.html
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
reference_id
reference_type
scores
url https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
8
reference_url https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
reference_id
reference_type
scores
url https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
9
reference_url https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
reference_id
reference_type
scores
url https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
11
reference_url https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
12
reference_url https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
13
reference_url https://www.djangoproject.com/weblog/2016/sep/26/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/sep/26/security-releases
14
reference_url https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
15
reference_url http://www.debian.org/security/2016/dsa-3678
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3678
16
reference_url http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93182
17
reference_url http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036899
18
reference_url http://www.ubuntu.com/usn/USN-3089-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3089-1
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7401
reference_id CVE-2016-7401
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-7401
20
reference_url https://github.com/advisories/GHSA-crhm-qpjc-cm64
reference_id GHSA-crhm-qpjc-cm64
reference_type
scores
url https://github.com/advisories/GHSA-crhm-qpjc-cm64
fixed_packages
0
url pkg:pypi/django@1.8.15
purl pkg:pypi/django@1.8.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c58g-7jpv-t7hc
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15
1
url pkg:pypi/django@1.9.10
purl pkg:pypi/django@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-qy2a-mvpz-q7eh
3
vulnerability VCID-rruq-9scz-vbg8
4
vulnerability VCID-upbz-vg19-rugv
5
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10
aliases CVE-2016-7401, GHSA-crhm-qpjc-cm64, PYSEC-2016-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-weqb-fxu4-17e7
32
url VCID-xf2n-qua7-m7fb
vulnerability_id VCID-xf2n-qua7-m7fb
summary The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
references
0
reference_url http://openwall.com/lists/oss-security/2011/09/11/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/11/1
1
reference_url http://openwall.com/lists/oss-security/2011/09/13/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/09/13/2
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=737366
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=737366
3
reference_url http://secunia.com/advisories/46614
reference_id
reference_type
scores
url http://secunia.com/advisories/46614
4
reference_url https://github.com/advisories/GHSA-h95j-h2rv-qrg4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h95j-h2rv-qrg4
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-5.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-5.yaml
7
reference_url https://hermes.opensuse.org/messages/14700881
reference_id
reference_type
scores
url https://hermes.opensuse.org/messages/14700881
8
reference_url https://web.archive.org/web/20140806062902/http://secunia.com/advisories/46614
reference_id
reference_type
scores
url https://web.archive.org/web/20140806062902/http://secunia.com/advisories/46614
9
reference_url https://www.djangoproject.com/weblog/2011/sep/09
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09
10
reference_url https://www.djangoproject.com/weblog/2011/sep/09/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/09/
11
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127
12
reference_url https://www.djangoproject.com/weblog/2011/sep/10/127/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2011/sep/10/127/
13
reference_url http://www.debian.org/security/2011/dsa-2332
reference_id
reference_type
scores
url http://www.debian.org/security/2011/dsa-2332
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4140
reference_id CVE-2011-4140
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-4140
fixed_packages
0
url pkg:pypi/django@1.2.7
purl pkg:pypi/django@1.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-7g7m-bfe1-wkhd
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bsf-vm3b-ubhw
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-jfya-694v-myar
15
vulnerability VCID-ksh8-pazn-dbca
16
vulnerability VCID-mccp-khb9-qkb7
17
vulnerability VCID-r7tk-79xy-jkhj
18
vulnerability VCID-rq19-9v21-47dy
19
vulnerability VCID-rxxr-sseq-k7a9
20
vulnerability VCID-ta66-7qrm-sbhu
21
vulnerability VCID-u4a7-uvcb-9kf8
22
vulnerability VCID-u6sd-648r-qbdb
23
vulnerability VCID-vdpf-jddk-syda
24
vulnerability VCID-vj5u-2ukv-audq
25
vulnerability VCID-weqb-fxu4-17e7
26
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7
1
url pkg:pypi/django@1.3.1
purl pkg:pypi/django@1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3juv-mecf-akdp
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-492e-xffn-3bds
4
vulnerability VCID-5dxz-7swx-rygn
5
vulnerability VCID-5vmb-d4xp-zfgy
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-mccp-khb9-qkb7
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-u4a7-uvcb-9kf8
25
vulnerability VCID-u6sd-648r-qbdb
26
vulnerability VCID-vdpf-jddk-syda
27
vulnerability VCID-vj5u-2ukv-audq
28
vulnerability VCID-weqb-fxu4-17e7
29
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1
aliases CVE-2011-4140, GHSA-h95j-h2rv-qrg4, PYSEC-2011-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xf2n-qua7-m7fb
33
url VCID-zd9y-sxbn-kqa3
vulnerability_id VCID-zd9y-sxbn-kqa3
summary Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
references
0
reference_url http://openwall.com/lists/oss-security/2011/02/09/6
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2011/02/09/6
1
reference_url http://secunia.com/advisories/43230
reference_id
reference_type
scores
url http://secunia.com/advisories/43230
2
reference_url https://github.com/advisories/GHSA-7g9h-c88w-r7h2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7g9h-c88w-r7h2
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/194566480b15cf4e294d3f03ff587019b74044b2
reference_id
reference_type
scores
url https://github.com/django/django/commit/194566480b15cf4e294d3f03ff587019b74044b2
5
reference_url https://github.com/django/django/commit/570a32a047ea56265646217264b0d3dab1a14dbd
reference_id
reference_type
scores
url https://github.com/django/django/commit/570a32a047ea56265646217264b0d3dab1a14dbd
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-12.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-12.yaml
7
reference_url https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
reference_id
reference_type
scores
url https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
8
reference_url https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296
reference_id
reference_type
scores
url https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296
9
reference_url http://www.djangoproject.com/weblog/2011/feb/08/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2011/feb/08/security/
10
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
11
reference_url http://www.securityfocus.com/bid/46296
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46296
12
reference_url http://www.vupen.com/english/advisories/2011/0372
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0372
13
reference_url http://www.vupen.com/english/advisories/2011/0439
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0439
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0698
reference_id CVE-2011-0698
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2011-0698
fixed_packages
0
url pkg:pypi/django@1.2.5
purl pkg:pypi/django@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38e1-hepp-vkg9
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-5brz-383w-pfbb
4
vulnerability VCID-5vmb-d4xp-zfgy
5
vulnerability VCID-66ax-8wdn-1bgb
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-mccp-khb9-qkb7
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-u4a7-uvcb-9kf8
25
vulnerability VCID-u5u9-xbb6-93hc
26
vulnerability VCID-u6sd-648r-qbdb
27
vulnerability VCID-vdpf-jddk-syda
28
vulnerability VCID-vj5u-2ukv-audq
29
vulnerability VCID-weqb-fxu4-17e7
30
vulnerability VCID-xf2n-qua7-m7fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.5
aliases CVE-2011-0698, GHSA-7g9h-c88w-r7h2, PYSEC-2011-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd9y-sxbn-kqa3
Fixing_vulnerabilities
0
url VCID-7cnm-hzsf-tybp
vulnerability_id VCID-7cnm-hzsf-tybp
summary The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.
references
0
reference_url http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html
reference_id
reference_type
scores
url http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html
1
reference_url http://code.djangoproject.com/changeset/15031
reference_id
reference_type
scores
url http://code.djangoproject.com/changeset/15031
2
reference_url http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac/
reference_id
reference_type
scores
url http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac/
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
5
reference_url http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter/
reference_id
reference_type
scores
url http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=665373
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=665373
7
reference_url http://secunia.com/advisories/42715
reference_id
reference_type
scores
url http://secunia.com/advisories/42715
8
reference_url http://secunia.com/advisories/42827
reference_id
reference_type
scores
url http://secunia.com/advisories/42827
9
reference_url http://secunia.com/advisories/42913
reference_id
reference_type
scores
url http://secunia.com/advisories/42913
10
reference_url https://github.com/advisories/GHSA-fwr5-q9rx-294f
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-fwr5-q9rx-294f
11
reference_url https://github.com/django/django/commit/17084839fd7e267da5729f2a27753322b9d415a0
reference_id
reference_type
scores
url https://github.com/django/django/commit/17084839fd7e267da5729f2a27753322b9d415a0
12
reference_url https://github.com/django/django/commit/85207a245bf09fdebe486b4c7bbcb65300f2a693
reference_id
reference_type
scores
url https://github.com/django/django/commit/85207a245bf09fdebe486b4c7bbcb65300f2a693
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-28.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-28.yaml
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-8.yaml
15
reference_url http://www.djangoproject.com/weblog/2010/dec/22/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2010/dec/22/security/
16
reference_url http://www.openwall.com/lists/oss-security/2010/12/23/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2010/12/23/4
17
reference_url http://www.openwall.com/lists/oss-security/2011/01/03/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2011/01/03/5
18
reference_url http://www.securityfocus.com/archive/1/515446
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/515446
19
reference_url http://www.securityfocus.com/bid/45562
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/45562
20
reference_url http://www.ubuntu.com/usn/USN-1040-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1040-1
21
reference_url http://www.vupen.com/english/advisories/2011/0048
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0048
22
reference_url http://www.vupen.com/english/advisories/2011/0098
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0098
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-4534
reference_id CVE-2010-4534
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2010-4534
fixed_packages
0
url pkg:pypi/django@1.1.3
purl pkg:pypi/django@1.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38e1-hepp-vkg9
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-5brz-383w-pfbb
4
vulnerability VCID-5vmb-d4xp-zfgy
5
vulnerability VCID-66ax-8wdn-1bgb
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-kuyz-3pxs-r7cv
20
vulnerability VCID-mccp-khb9-qkb7
21
vulnerability VCID-n6ps-f6s6-zkbj
22
vulnerability VCID-r7tk-79xy-jkhj
23
vulnerability VCID-rq19-9v21-47dy
24
vulnerability VCID-rxxr-sseq-k7a9
25
vulnerability VCID-ta66-7qrm-sbhu
26
vulnerability VCID-u4a7-uvcb-9kf8
27
vulnerability VCID-u5u9-xbb6-93hc
28
vulnerability VCID-u6sd-648r-qbdb
29
vulnerability VCID-vdpf-jddk-syda
30
vulnerability VCID-vj5u-2ukv-audq
31
vulnerability VCID-weqb-fxu4-17e7
32
vulnerability VCID-xf2n-qua7-m7fb
33
vulnerability VCID-zd9y-sxbn-kqa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1.3
1
url pkg:pypi/django@1.2.4
purl pkg:pypi/django@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38e1-hepp-vkg9
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-5brz-383w-pfbb
4
vulnerability VCID-5vmb-d4xp-zfgy
5
vulnerability VCID-66ax-8wdn-1bgb
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-kuyz-3pxs-r7cv
20
vulnerability VCID-mccp-khb9-qkb7
21
vulnerability VCID-n6ps-f6s6-zkbj
22
vulnerability VCID-r7tk-79xy-jkhj
23
vulnerability VCID-rq19-9v21-47dy
24
vulnerability VCID-rxxr-sseq-k7a9
25
vulnerability VCID-ta66-7qrm-sbhu
26
vulnerability VCID-u4a7-uvcb-9kf8
27
vulnerability VCID-u5u9-xbb6-93hc
28
vulnerability VCID-u6sd-648r-qbdb
29
vulnerability VCID-vdpf-jddk-syda
30
vulnerability VCID-vj5u-2ukv-audq
31
vulnerability VCID-weqb-fxu4-17e7
32
vulnerability VCID-xf2n-qua7-m7fb
33
vulnerability VCID-zd9y-sxbn-kqa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.4
aliases CVE-2010-4534, GHSA-fwr5-q9rx-294f, PYSEC-2011-28, PYSEC-2011-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7cnm-hzsf-tybp
1
url VCID-r2a9-kym9-zqgq
vulnerability_id VCID-r2a9-kym9-zqgq
summary The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
references
0
reference_url http://code.djangoproject.com/changeset/15032
reference_id
reference_type
scores
url http://code.djangoproject.com/changeset/15032
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=665373
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=665373
4
reference_url http://secunia.com/advisories/42715
reference_id
reference_type
scores
url http://secunia.com/advisories/42715
5
reference_url http://secunia.com/advisories/42827
reference_id
reference_type
scores
url http://secunia.com/advisories/42827
6
reference_url http://secunia.com/advisories/42913
reference_id
reference_type
scores
url http://secunia.com/advisories/42913
7
reference_url https://github.com/advisories/GHSA-7wph-fc4w-wqp2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-7wph-fc4w-wqp2
8
reference_url https://github.com/django/django/commit/7f8dd9cbac074389af8d8fd235bf2cb657227b9a
reference_id
reference_type
scores
url https://github.com/django/django/commit/7f8dd9cbac074389af8d8fd235bf2cb657227b9a
9
reference_url https://github.com/django/django/commit/d5d8942a160685c403d381a279e72e09de5489a9
reference_id
reference_type
scores
url https://github.com/django/django/commit/d5d8942a160685c403d381a279e72e09de5489a9
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-29.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-29.yaml
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-9.yaml
12
reference_url https://web.archive.org/web/20200228193349/http://www.securityfocus.com/bid/45563
reference_id
reference_type
scores
url https://web.archive.org/web/20200228193349/http://www.securityfocus.com/bid/45563
13
reference_url http://www.djangoproject.com/weblog/2010/dec/22/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2010/dec/22/security/
14
reference_url http://www.openwall.com/lists/oss-security/2010/12/23/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2010/12/23/4
15
reference_url http://www.openwall.com/lists/oss-security/2011/01/03/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2011/01/03/5
16
reference_url http://www.securityfocus.com/bid/45563
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/45563
17
reference_url http://www.ubuntu.com/usn/USN-1040-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1040-1
18
reference_url http://www.vupen.com/english/advisories/2011/0048
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0048
19
reference_url http://www.vupen.com/english/advisories/2011/0098
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0098
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-4535
reference_id CVE-2010-4535
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2010-4535
fixed_packages
0
url pkg:pypi/django@1.1.3
purl pkg:pypi/django@1.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38e1-hepp-vkg9
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-5brz-383w-pfbb
4
vulnerability VCID-5vmb-d4xp-zfgy
5
vulnerability VCID-66ax-8wdn-1bgb
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-kuyz-3pxs-r7cv
20
vulnerability VCID-mccp-khb9-qkb7
21
vulnerability VCID-n6ps-f6s6-zkbj
22
vulnerability VCID-r7tk-79xy-jkhj
23
vulnerability VCID-rq19-9v21-47dy
24
vulnerability VCID-rxxr-sseq-k7a9
25
vulnerability VCID-ta66-7qrm-sbhu
26
vulnerability VCID-u4a7-uvcb-9kf8
27
vulnerability VCID-u5u9-xbb6-93hc
28
vulnerability VCID-u6sd-648r-qbdb
29
vulnerability VCID-vdpf-jddk-syda
30
vulnerability VCID-vj5u-2ukv-audq
31
vulnerability VCID-weqb-fxu4-17e7
32
vulnerability VCID-xf2n-qua7-m7fb
33
vulnerability VCID-zd9y-sxbn-kqa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1.3
1
url pkg:pypi/django@1.2.4
purl pkg:pypi/django@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38e1-hepp-vkg9
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-3sg7-t77d-rkc6
3
vulnerability VCID-5brz-383w-pfbb
4
vulnerability VCID-5vmb-d4xp-zfgy
5
vulnerability VCID-66ax-8wdn-1bgb
6
vulnerability VCID-6wah-r8vr-5qc4
7
vulnerability VCID-7g7m-bfe1-wkhd
8
vulnerability VCID-7rz2-nqdn-hycc
9
vulnerability VCID-8gus-er59-1qak
10
vulnerability VCID-8v2c-7739-2ugp
11
vulnerability VCID-912q-3eks-4yfm
12
vulnerability VCID-9bsf-vm3b-ubhw
13
vulnerability VCID-9mpt-zxaw-kkeg
14
vulnerability VCID-bahz-gfxv-e3b2
15
vulnerability VCID-dh12-js4b-h7fw
16
vulnerability VCID-ffsr-th58-p3ct
17
vulnerability VCID-jfya-694v-myar
18
vulnerability VCID-ksh8-pazn-dbca
19
vulnerability VCID-kuyz-3pxs-r7cv
20
vulnerability VCID-mccp-khb9-qkb7
21
vulnerability VCID-n6ps-f6s6-zkbj
22
vulnerability VCID-r7tk-79xy-jkhj
23
vulnerability VCID-rq19-9v21-47dy
24
vulnerability VCID-rxxr-sseq-k7a9
25
vulnerability VCID-ta66-7qrm-sbhu
26
vulnerability VCID-u4a7-uvcb-9kf8
27
vulnerability VCID-u5u9-xbb6-93hc
28
vulnerability VCID-u6sd-648r-qbdb
29
vulnerability VCID-vdpf-jddk-syda
30
vulnerability VCID-vj5u-2ukv-audq
31
vulnerability VCID-weqb-fxu4-17e7
32
vulnerability VCID-xf2n-qua7-m7fb
33
vulnerability VCID-zd9y-sxbn-kqa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.4
aliases CVE-2010-4535, GHSA-7wph-fc4w-wqp2, PYSEC-2011-29, PYSEC-2011-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2a9-kym9-zqgq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.4