| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-29qk-rv5n-efbm |
| vulnerability_id |
VCID-29qk-rv5n-efbm |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.15 |
| purl |
pkg:pypi/django@3.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 1 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 2 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 3 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 6 |
| vulnerability |
VCID-fsaw-3ta1-x3dw |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 9 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 10 |
| vulnerability |
VCID-qgp1-4efd-6yg6 |
|
| 11 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 12 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 13 |
| vulnerability |
VCID-yuda-1mur-8bbq |
|
| 14 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15 |
|
| 1 |
| url |
pkg:pypi/django@4.0.7 |
| purl |
pkg:pypi/django@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 1 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 2 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 3 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 4 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 7 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 8 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 9 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7 |
|
|
| aliases |
BIT-django-2022-36359, CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-29qk-rv5n-efbm |
|
| 1 |
| url |
VCID-38e1-hepp-vkg9 |
| vulnerability_id |
VCID-38e1-hepp-vkg9 |
| summary |
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.2.7 |
| purl |
pkg:pypi/django@1.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 9 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 10 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 11 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 12 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 13 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 14 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 15 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 16 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 17 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 18 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 19 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 20 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 21 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 22 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 23 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 24 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 25 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 26 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 27 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 28 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 29 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 30 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 31 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 32 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 33 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 34 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7 |
|
| 1 |
| url |
pkg:pypi/django@1.3.1 |
| purl |
pkg:pypi/django@1.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 12 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 13 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 14 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 15 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 16 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 17 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 18 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 19 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 20 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 21 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 22 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 23 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 24 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 25 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 26 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 27 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 28 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 29 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 30 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 31 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 32 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 33 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 34 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 35 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 36 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 37 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 38 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 39 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1 |
|
|
| aliases |
CVE-2011-4137, GHSA-3jqw-crqj-w8qw, PYSEC-2011-2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-38e1-hepp-vkg9 |
|
| 2 |
| url |
VCID-3kza-a88p-kfg7 |
| vulnerability_id |
VCID-3kza-a88p-kfg7 |
| summary |
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
| reference_url |
https://www.exploit-db.com/exploits/40129 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.exploit-db.com/exploits/40129 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
| reference_url |
http://www.ubuntu.com/usn/USN-3039-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3039-1 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.14 |
| purl |
pkg:pypi/django@1.8.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 5 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 8 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 9 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 10 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 11 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 12 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 13 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 14 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 15 |
| vulnerability |
VCID-x61x-6b6k-h3bn |
|
| 16 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14 |
|
| 1 |
| url |
pkg:pypi/django@1.9.8 |
| purl |
pkg:pypi/django@1.9.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 5 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 9 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 10 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 11 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 12 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 13 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 14 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8 |
|
| 2 |
| url |
pkg:pypi/django@1.10rc1 |
| purl |
pkg:pypi/django@1.10rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 5 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-hpj4-a9fa-4bca |
|
| 9 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 10 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 11 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 12 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1 |
|
|
| aliases |
CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3kza-a88p-kfg7 |
|
| 3 |
| url |
VCID-3sg7-t77d-rkc6 |
| vulnerability_id |
VCID-3sg7-t77d-rkc6 |
| summary |
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
http://www.ubuntu.com/usn/USN-2169-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2169-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.11 |
| purl |
pkg:pypi/django@1.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 9 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 10 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 11 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 12 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 13 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 14 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 15 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 16 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 17 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 18 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 19 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 20 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 21 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 22 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 23 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 24 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 25 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 26 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 27 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 28 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 29 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 30 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 31 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 32 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.11 |
|
| 1 |
| url |
pkg:pypi/django@1.5.6 |
| purl |
pkg:pypi/django@1.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 8 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 9 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 10 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 11 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 12 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 13 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 14 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 15 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 16 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 17 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 18 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 19 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 20 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 21 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 22 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 23 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 24 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 25 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 26 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 27 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 28 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 29 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6 |
|
| 2 |
| url |
pkg:pypi/django@1.6.3 |
| purl |
pkg:pypi/django@1.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 8 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 9 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 10 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 11 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 12 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 13 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 14 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 15 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 16 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 17 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 18 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 19 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 20 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 21 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 22 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 23 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 24 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 25 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 26 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 27 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 28 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 29 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 30 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3 |
|
|
| aliases |
CVE-2014-0473, GHSA-89hj-xfx5-7q66, PYSEC-2014-2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3sg7-t77d-rkc6 |
|
| 4 |
| url |
VCID-4tyd-97z5-z3ar |
| vulnerability_id |
VCID-4tyd-97z5-z3ar |
| summary |
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.16 |
| purl |
pkg:pypi/django@4.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ft7-rbey-kuhx |
|
| 1 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 2 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 3 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 4 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 5 |
| vulnerability |
VCID-9kvc-1bdz-n3bd |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 8 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 9 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 10 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 11 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 12 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 13 |
| vulnerability |
VCID-pa7y-gpwp-6qgj |
|
| 14 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 15 |
| vulnerability |
VCID-qy1a-x3ff-4bc8 |
|
| 16 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 17 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 18 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 19 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 20 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 21 |
| vulnerability |
VCID-ud73-4t2c-n3at |
|
| 22 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 23 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 24 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 25 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.1.1 |
| purl |
pkg:pypi/django@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ft7-rbey-kuhx |
|
| 1 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 2 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 3 |
| vulnerability |
VCID-9kvc-1bdz-n3bd |
|
| 4 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 5 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 8 |
| vulnerability |
VCID-pa7y-gpwp-6qgj |
|
| 9 |
| vulnerability |
VCID-qw15-2kq7-wqed |
|
| 10 |
| vulnerability |
VCID-qy1a-x3ff-4bc8 |
|
| 11 |
| vulnerability |
VCID-ud73-4t2c-n3at |
|
| 12 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1 |
|
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4tyd-97z5-z3ar |
|
| 5 |
| url |
VCID-5brz-383w-pfbb |
| vulnerability_id |
VCID-5brz-383w-pfbb |
| summary |
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-x88j-93vc-wpmp |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-x88j-93vc-wpmp |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.2.7 |
| purl |
pkg:pypi/django@1.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 9 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 10 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 11 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 12 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 13 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 14 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 15 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 16 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 17 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 18 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 19 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 20 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 21 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 22 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 23 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 24 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 25 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 26 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 27 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 28 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 29 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 30 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 31 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 32 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 33 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 34 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7 |
|
| 1 |
| url |
pkg:pypi/django@1.3.1 |
| purl |
pkg:pypi/django@1.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 12 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 13 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 14 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 15 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 16 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 17 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 18 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 19 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 20 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 21 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 22 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 23 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 24 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 25 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 26 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 27 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 28 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 29 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 30 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 31 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 32 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 33 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 34 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 35 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 36 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 37 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 38 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 39 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1 |
|
|
| aliases |
CVE-2011-4136, GHSA-x88j-93vc-wpmp, PYSEC-2011-1
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5brz-383w-pfbb |
|
| 6 |
| url |
VCID-5q58-pzt4-8uey |
| vulnerability_id |
VCID-5q58-pzt4-8uey |
| summary |
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://seclists.org/bugtraq/2020/Feb/30 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Feb/30 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/4264-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4264-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.10 |
| purl |
pkg:pypi/django@2.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4cp2-k4mn-8ffj |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 4 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 5 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 6 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 7 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 8 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 9 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 10 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 11 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 12 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 13 |
| vulnerability |
VCID-hh9b-52xn-z7a9 |
|
| 14 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 15 |
| vulnerability |
VCID-m4wa-xv9b-q7ce |
|
| 16 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 17 |
| vulnerability |
VCID-na9w-xkvx-cbhd |
|
| 18 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 19 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 20 |
| vulnerability |
VCID-qvfs-2v1h-p3h4 |
|
| 21 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 24 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 25 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10 |
|
| 2 |
| url |
pkg:pypi/django@3.0.3 |
| purl |
pkg:pypi/django@3.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4cp2-k4mn-8ffj |
|
| 2 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 5 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 6 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-hh9b-52xn-z7a9 |
|
| 9 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 10 |
| vulnerability |
VCID-m4wa-xv9b-q7ce |
|
| 11 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 12 |
| vulnerability |
VCID-na9w-xkvx-cbhd |
|
| 13 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 14 |
| vulnerability |
VCID-qvfs-2v1h-p3h4 |
|
| 15 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 16 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 17 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 18 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3 |
|
|
| aliases |
BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5q58-pzt4-8uey |
|
| 7 |
| url |
VCID-5vmb-d4xp-zfgy |
| vulnerability_id |
VCID-5vmb-d4xp-zfgy |
| summary |
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
http://www.ubuntu.com/usn/USN-2469-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2469-1 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.18 |
| purl |
pkg:pypi/django@1.4.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 19 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 20 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 21 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.18 |
|
| 1 |
| url |
pkg:pypi/django@1.6.10 |
| purl |
pkg:pypi/django@1.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 6 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 14 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 15 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 16 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 17 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 18 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 19 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 20 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10 |
|
| 2 |
| url |
pkg:pypi/django@1.7.3 |
| purl |
pkg:pypi/django@1.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 19 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 20 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 21 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3 |
|
|
| aliases |
CVE-2015-0219, GHSA-7qfw-j7hp-v45g, PYSEC-2015-4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5vmb-d4xp-zfgy |
|
| 8 |
| url |
VCID-66ax-8wdn-1bgb |
| vulnerability_id |
VCID-66ax-8wdn-1bgb |
| summary |
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.2.7 |
| purl |
pkg:pypi/django@1.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 9 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 10 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 11 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 12 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 13 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 14 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 15 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 16 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 17 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 18 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 19 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 20 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 21 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 22 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 23 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 24 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 25 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 26 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 27 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 28 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 29 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 30 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 31 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 32 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 33 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 34 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7 |
|
| 1 |
| url |
pkg:pypi/django@1.3.1 |
| purl |
pkg:pypi/django@1.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 12 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 13 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 14 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 15 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 16 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 17 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 18 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 19 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 20 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 21 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 22 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 23 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 24 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 25 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 26 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 27 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 28 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 29 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 30 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 31 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 32 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 33 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 34 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 35 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 36 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 37 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 38 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 39 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1 |
|
|
| aliases |
CVE-2011-4138, GHSA-wxg3-mfph-qg9w, PYSEC-2011-3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-66ax-8wdn-1bgb |
|
| 9 |
| url |
VCID-6w99-8w84-jkh9 |
| vulnerability_id |
VCID-6w99-8w84-jkh9 |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4cp2-k4mn-8ffj |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 6 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 11 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 12 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-hh9b-52xn-z7a9 |
|
| 15 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 16 |
| vulnerability |
VCID-m4wa-xv9b-q7ce |
|
| 17 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 18 |
| vulnerability |
VCID-na9w-xkvx-cbhd |
|
| 19 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 20 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 21 |
| vulnerability |
VCID-qvfs-2v1h-p3h4 |
|
| 22 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 23 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 24 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 25 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 26 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
|
| aliases |
PYSEC-2019-86
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6w99-8w84-jkh9 |
|
| 10 |
| url |
VCID-6wah-r8vr-5qc4 |
| vulnerability_id |
VCID-6wah-r8vr-5qc4 |
| summary |
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-1 |
|
| 23 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-2 |
|
| 24 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-3 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.10 |
| purl |
pkg:pypi/django@1.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 6 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 7 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 8 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 9 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 10 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 11 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 12 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 13 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 14 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 15 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 16 |
| vulnerability |
VCID-x61x-6b6k-h3bn |
|
| 17 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10 |
|
| 1 |
| url |
pkg:pypi/django@1.9.3 |
| purl |
pkg:pypi/django@1.9.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 6 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 7 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 8 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 9 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 10 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 11 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 12 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 13 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 14 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 15 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3 |
|
|
| aliases |
CVE-2016-2513, GHSA-fp6p-5xvw-m74f, PYSEC-2016-16
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6wah-r8vr-5qc4 |
|
| 11 |
| url |
VCID-7g7m-bfe1-wkhd |
| vulnerability_id |
VCID-7g7m-bfe1-wkhd |
| summary |
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://www.ubuntu.com/usn/USN-1560-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.ubuntu.com/usn/USN-1560-1 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
http://www.ubuntu.com/usn/USN-1560-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-1560-1 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.3.2 |
| purl |
pkg:pypi/django@1.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 12 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 13 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 14 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 15 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 16 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 17 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 18 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 19 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 20 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 21 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 22 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 23 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 24 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 25 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 26 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 27 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 28 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 29 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 30 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 31 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 32 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 33 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 34 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 35 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.2 |
|
| 1 |
| url |
pkg:pypi/django@1.4.1 |
| purl |
pkg:pypi/django@1.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 3 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 4 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 5 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 6 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 7 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 8 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 9 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 10 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 11 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 12 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 13 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 14 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 15 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 16 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 17 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 18 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 19 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 20 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 21 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 22 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 23 |
| vulnerability |
VCID-g2z3-2h8p-c7ge |
|
| 24 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 25 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 26 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 27 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 28 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 29 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 30 |
| vulnerability |
VCID-ps24-pjj4-uqd1 |
|
| 31 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 32 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 33 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 34 |
| vulnerability |
VCID-rtjn-qccc-8kc7 |
|
| 35 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 36 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 37 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 38 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 39 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 40 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 41 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 42 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 43 |
| vulnerability |
VCID-x212-mskt-9bbw |
|
| 44 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.1 |
|
|
| aliases |
CVE-2012-3443, GHSA-59w8-4wm2-4xw8, PYSEC-2012-3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7g7m-bfe1-wkhd |
|
| 12 |
| url |
VCID-7rz2-nqdn-hycc |
| vulnerability_id |
VCID-7rz2-nqdn-hycc |
| summary |
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.14 |
| purl |
pkg:pypi/django@1.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 9 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 10 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 11 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 12 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 13 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 14 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 15 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 16 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 17 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 18 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 19 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 20 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 21 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 22 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 23 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 24 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 25 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 26 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.14 |
|
| 1 |
| url |
pkg:pypi/django@1.5.9 |
| purl |
pkg:pypi/django@1.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 9 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 10 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 15 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 16 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 19 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 20 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 21 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9 |
|
| 2 |
| url |
pkg:pypi/django@1.6.6 |
| purl |
pkg:pypi/django@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 9 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 10 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 15 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 16 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 19 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 20 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 21 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 22 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 23 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 24 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6 |
|
|
| aliases |
CVE-2014-0480, GHSA-f7cm-ccfp-3q4r, PYSEC-2014-4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7rz2-nqdn-hycc |
|
| 13 |
| url |
VCID-8gus-er59-1qak |
| vulnerability_id |
VCID-8gus-er59-1qak |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
http://www.ubuntu.com/usn/USN-3115-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3115-1 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.16 |
| purl |
pkg:pypi/django@1.8.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 5 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 6 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 9 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 10 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 11 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 12 |
| vulnerability |
VCID-x61x-6b6k-h3bn |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16 |
|
| 1 |
| url |
pkg:pypi/django@1.9.11 |
| purl |
pkg:pypi/django@1.9.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 5 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 8 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 9 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 10 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 11 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11 |
|
| 2 |
| url |
pkg:pypi/django@1.10.3 |
| purl |
pkg:pypi/django@1.10.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 5 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 6 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 7 |
| vulnerability |
VCID-hpj4-a9fa-4bca |
|
| 8 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 9 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 10 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 11 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 12 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3 |
|
|
| aliases |
CVE-2016-9014, GHSA-3f2c-jm6v-cr35, PYSEC-2016-18
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8gus-er59-1qak |
|
| 14 |
| url |
VCID-8v2c-7739-2ugp |
| vulnerability_id |
VCID-8v2c-7739-2ugp |
| summary |
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.14 |
| purl |
pkg:pypi/django@1.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 9 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 10 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 11 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 12 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 13 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 14 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 15 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 16 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 17 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 18 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 19 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 20 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 21 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 22 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 23 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 24 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 25 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 26 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.14 |
|
| 1 |
| url |
pkg:pypi/django@1.5.9 |
| purl |
pkg:pypi/django@1.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 9 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 10 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 15 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 16 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 19 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 20 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 21 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9 |
|
| 2 |
| url |
pkg:pypi/django@1.6.6 |
| purl |
pkg:pypi/django@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 9 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 10 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 15 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 16 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 19 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 20 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 21 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 22 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 23 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 24 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6 |
|
| 3 |
|
|
| aliases |
CVE-2014-0483, GHSA-rw75-m7gp-92m3, PYSEC-2014-7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8v2c-7739-2ugp |
|
| 15 |
| url |
VCID-912q-3eks-4yfm |
| vulnerability_id |
VCID-912q-3eks-4yfm |
| summary |
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
| reference_url |
http://ubuntu.com/usn/usn-2469-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://ubuntu.com/usn/usn-2469-1 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.18 |
| purl |
pkg:pypi/django@1.4.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 19 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 20 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 21 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.18 |
|
| 1 |
| url |
pkg:pypi/django@1.6.10 |
| purl |
pkg:pypi/django@1.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 6 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 14 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 15 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 16 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 17 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 18 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 19 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 20 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10 |
|
| 2 |
| url |
pkg:pypi/django@1.7.3 |
| purl |
pkg:pypi/django@1.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 19 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 20 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 21 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3 |
|
|
| aliases |
CVE-2015-0220, GHSA-gv98-g628-m9x5, PYSEC-2015-5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-912q-3eks-4yfm |
|
| 16 |
| url |
VCID-9bsf-vm3b-ubhw |
| vulnerability_id |
VCID-9bsf-vm3b-ubhw |
| summary |
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
http://www.ubuntu.com/usn/USN-1560-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-1560-1 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.3.2 |
| purl |
pkg:pypi/django@1.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 12 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 13 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 14 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 15 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 16 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 17 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 18 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 19 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 20 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 21 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 22 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 23 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 24 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 25 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 26 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 27 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 28 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 29 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 30 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 31 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 32 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 33 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 34 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 35 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.2 |
|
| 1 |
| url |
pkg:pypi/django@1.4.1 |
| purl |
pkg:pypi/django@1.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 3 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 4 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 5 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 6 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 7 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 8 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 9 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 10 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 11 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 12 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 13 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 14 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 15 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 16 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 17 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 18 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 19 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 20 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 21 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 22 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 23 |
| vulnerability |
VCID-g2z3-2h8p-c7ge |
|
| 24 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 25 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 26 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 27 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 28 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 29 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 30 |
| vulnerability |
VCID-ps24-pjj4-uqd1 |
|
| 31 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 32 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 33 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 34 |
| vulnerability |
VCID-rtjn-qccc-8kc7 |
|
| 35 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 36 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 37 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 38 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 39 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 40 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 41 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 42 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 43 |
| vulnerability |
VCID-x212-mskt-9bbw |
|
| 44 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.1 |
|
|
| aliases |
CVE-2012-3442, GHSA-78vx-ggch-wghm, PYSEC-2012-2
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9bsf-vm3b-ubhw |
|
| 17 |
| url |
VCID-9mpt-zxaw-kkeg |
| vulnerability_id |
VCID-9mpt-zxaw-kkeg |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.24 |
| purl |
pkg:pypi/django@2.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 3 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 4 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 5 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 8 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 9 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 10 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 11 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 12 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-2n2n-1fq2-7bbs |
|
| 2 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-4z4e-8ttu-tyd6 |
|
| 5 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 6 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 7 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 8 |
| vulnerability |
VCID-am3f-c5ex-8ff2 |
|
| 9 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 10 |
| vulnerability |
VCID-au8h-vj9k-pufv |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 13 |
| vulnerability |
VCID-f4a7-tcz5-byfj |
|
| 14 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 15 |
| vulnerability |
VCID-fsaw-3ta1-x3dw |
|
| 16 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 17 |
| vulnerability |
VCID-m1dr-sjmw-jfd2 |
|
| 18 |
| vulnerability |
VCID-m33h-4p9q-63fb |
|
| 19 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 20 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 21 |
| vulnerability |
VCID-qgp1-4efd-6yg6 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 24 |
| vulnerability |
VCID-yuda-1mur-8bbq |
|
| 25 |
| vulnerability |
VCID-z6tf-z1y9-cydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg |
|
| 18 |
| url |
VCID-bahz-gfxv-e3b2 |
| vulnerability_id |
VCID-bahz-gfxv-e3b2 |
| summary |
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
http://ubuntu.com/usn/usn-2539-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://ubuntu.com/usn/usn-2539-1 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.20 |
| purl |
pkg:pypi/django@1.4.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 12 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 13 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 14 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 15 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 16 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 17 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 18 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 19 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 20 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 21 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.20 |
|
| 1 |
| url |
pkg:pypi/django@1.6.11 |
| purl |
pkg:pypi/django@1.6.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 6 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 9 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 10 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 11 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 12 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 13 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 14 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 15 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 16 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 17 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 18 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.11 |
|
| 2 |
| url |
pkg:pypi/django@1.7.7 |
| purl |
pkg:pypi/django@1.7.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 12 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 13 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 14 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 15 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 16 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 17 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 18 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 19 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 20 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7 |
|
| 3 |
|
| 4 |
| url |
pkg:pypi/django@1.8c1 |
| purl |
pkg:pypi/django@1.8c1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 6 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 9 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 10 |
| vulnerability |
VCID-d62f-7csz-fuhm |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 14 |
| vulnerability |
VCID-n2eg-vn4k-yycf |
|
| 15 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 16 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 19 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 20 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 21 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8c1 |
|
|
| aliases |
CVE-2015-2317, GHSA-7fq8-4pv5-5w5c, PYSEC-2015-9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bahz-gfxv-e3b2 |
|
| 19 |
| url |
VCID-bb8b-hq41-s7a6 |
| vulnerability_id |
VCID-bb8b-hq41-s7a6 |
| summary |
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.22 |
| purl |
pkg:pypi/django@4.2.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 2 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 3 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 4 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 7 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 8 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 9 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 10 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 11 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 12 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 13 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 14 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 15 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 16 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 17 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 18 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 19 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.2 |
| purl |
pkg:pypi/django@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2as8-7qx6-2kba |
|
| 1 |
| vulnerability |
VCID-4gpn-bf2d-ybfb |
|
| 2 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 3 |
| vulnerability |
VCID-55xg-pw9n-zkdy |
|
| 4 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 5 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 6 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 7 |
| vulnerability |
VCID-abpe-htm1-9ubp |
|
| 8 |
| vulnerability |
VCID-eqsc-axng-ckca |
|
| 9 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 10 |
| vulnerability |
VCID-fsz5-dkw2-hyap |
|
| 11 |
| vulnerability |
VCID-fxuu-kk52-r7ch |
|
| 12 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 13 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 14 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 15 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 16 |
| vulnerability |
VCID-m4am-h2ea-3ffr |
|
| 17 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 18 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 19 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 20 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 21 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 22 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 23 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 24 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 25 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 26 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 27 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2 |
|
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8b-hq41-s7a6 |
|
| 20 |
| url |
VCID-dh12-js4b-h7fw |
| vulnerability_id |
VCID-dh12-js4b-h7fw |
| summary |
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.18 |
| purl |
pkg:pypi/django@1.4.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 19 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 20 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 21 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.18 |
|
| 1 |
| url |
pkg:pypi/django@1.6.10 |
| purl |
pkg:pypi/django@1.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 6 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 14 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 15 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 16 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 17 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 18 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 19 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 20 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10 |
|
| 2 |
| url |
pkg:pypi/django@1.7.3 |
| purl |
pkg:pypi/django@1.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 19 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 20 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 21 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3 |
|
|
| aliases |
CVE-2015-0222, GHSA-6g95-x6cj-mg4v, PYSEC-2015-7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dh12-js4b-h7fw |
|
| 21 |
| url |
VCID-ffsr-th58-p3ct |
| vulnerability_id |
VCID-ffsr-th58-p3ct |
| summary |
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://www.ubuntu.com/usn/USN-2169-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2169-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.11 |
| purl |
pkg:pypi/django@1.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 9 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 10 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 11 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 12 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 13 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 14 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 15 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 16 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 17 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 18 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 19 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 20 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 21 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 22 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 23 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 24 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 25 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 26 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 27 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 28 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 29 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 30 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 31 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 32 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.11 |
|
| 1 |
| url |
pkg:pypi/django@1.5.6 |
| purl |
pkg:pypi/django@1.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 8 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 9 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 10 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 11 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 12 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 13 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 14 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 15 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 16 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 17 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 18 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 19 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 20 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 21 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 22 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 23 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 24 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 25 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 26 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 27 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 28 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 29 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6 |
|
| 2 |
| url |
pkg:pypi/django@1.6.3 |
| purl |
pkg:pypi/django@1.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 8 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 9 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 10 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 11 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 12 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 13 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 14 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 15 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 16 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 17 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 18 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 19 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 20 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 21 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 22 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 23 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 24 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 25 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 26 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 27 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 28 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 29 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 30 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3 |
|
|
| aliases |
CVE-2014-0474, GHSA-wqjj-hx84-v449, PYSEC-2014-3
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ffsr-th58-p3ct |
|
| 22 |
| url |
VCID-ga69-9y5g-77c3 |
| vulnerability_id |
VCID-ga69-9y5g-77c3 |
| summary |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.26 |
| purl |
pkg:pypi/django@4.2.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 2 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 3 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 4 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 5 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 6 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 7 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 8 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 9 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 10 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 11 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 12 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 13 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 14 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2as8-7qx6-2kba |
|
| 1 |
| vulnerability |
VCID-4gpn-bf2d-ybfb |
|
| 2 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 3 |
| vulnerability |
VCID-55xg-pw9n-zkdy |
|
| 4 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 5 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 6 |
| vulnerability |
VCID-abpe-htm1-9ubp |
|
| 7 |
| vulnerability |
VCID-eqsc-axng-ckca |
|
| 8 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 9 |
| vulnerability |
VCID-fsz5-dkw2-hyap |
|
| 10 |
| vulnerability |
VCID-fxuu-kk52-r7ch |
|
| 11 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 12 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 13 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 14 |
| vulnerability |
VCID-m4am-h2ea-3ffr |
|
| 15 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 16 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 17 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 18 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 19 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 20 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 21 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 22 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
BIT-django-2025-64458, CVE-2025-64458, GHSA-qw25-v68c-qjf3, PYSEC-2025-107
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ga69-9y5g-77c3 |
|
| 23 |
| url |
VCID-jfya-694v-myar |
| vulnerability_id |
VCID-jfya-694v-myar |
| summary |
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2671-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2671-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.21 |
| purl |
pkg:pypi/django@1.4.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 14 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 15 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 16 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 17 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 18 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 19 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.21 |
|
| 1 |
| url |
pkg:pypi/django@1.7.9 |
| purl |
pkg:pypi/django@1.7.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 14 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 15 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 16 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 17 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 18 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9 |
|
| 2 |
| url |
pkg:pypi/django@1.8.3 |
| purl |
pkg:pypi/django@1.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 13 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 14 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 15 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 18 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 19 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 20 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 21 |
| vulnerability |
VCID-x61x-6b6k-h3bn |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3 |
|
|
| aliases |
CVE-2015-5143, GHSA-h582-2pch-3xv3, PYSEC-2015-20
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jfya-694v-myar |
|
| 24 |
| url |
VCID-ksh8-pazn-dbca |
| vulnerability_id |
VCID-ksh8-pazn-dbca |
| summary |
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-1 |
|
| 23 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-2 |
|
| 24 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-3 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.10 |
| purl |
pkg:pypi/django@1.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 6 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 7 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 8 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 9 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 10 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 11 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 12 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 13 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 14 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 15 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 16 |
| vulnerability |
VCID-x61x-6b6k-h3bn |
|
| 17 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10 |
|
| 1 |
| url |
pkg:pypi/django@1.9.3 |
| purl |
pkg:pypi/django@1.9.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 6 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 7 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 8 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 9 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 10 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 11 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 12 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 13 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 14 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 15 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3 |
|
|
| aliases |
CVE-2016-2512, GHSA-pw27-w7w4-9qc7, PYSEC-2016-15
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ksh8-pazn-dbca |
|
| 25 |
| url |
VCID-mccp-khb9-qkb7 |
| vulnerability_id |
VCID-mccp-khb9-qkb7 |
| summary |
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
http://www.ubuntu.com/usn/USN-2671-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2671-1 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.21 |
| purl |
pkg:pypi/django@1.4.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 14 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 15 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 16 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 17 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 18 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 19 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.21 |
|
| 1 |
| url |
pkg:pypi/django@1.7.9 |
| purl |
pkg:pypi/django@1.7.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 14 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 15 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 16 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 17 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 18 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9 |
|
| 2 |
| url |
pkg:pypi/django@1.8.3 |
| purl |
pkg:pypi/django@1.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 13 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 14 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 15 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 18 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 19 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 20 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 21 |
| vulnerability |
VCID-x61x-6b6k-h3bn |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3 |
|
|
| aliases |
CVE-2015-5144, GHSA-q5qw-4364-5hhm, PYSEC-2015-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mccp-khb9-qkb7 |
|
| 26 |
| url |
VCID-r7tk-79xy-jkhj |
| vulnerability_id |
VCID-r7tk-79xy-jkhj |
| summary |
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.14 |
| purl |
pkg:pypi/django@1.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 9 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 10 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 11 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 12 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 13 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 14 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 15 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 16 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 17 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 18 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 19 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 20 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 21 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 22 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 23 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 24 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 25 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 26 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.14 |
|
| 1 |
| url |
pkg:pypi/django@1.5.9 |
| purl |
pkg:pypi/django@1.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 9 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 10 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 15 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 16 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 19 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 20 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 21 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9 |
|
| 2 |
| url |
pkg:pypi/django@1.6.6 |
| purl |
pkg:pypi/django@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 9 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 10 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 15 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 16 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 19 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 20 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 21 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 22 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 23 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 24 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6 |
|
|
| aliases |
CVE-2014-0481, GHSA-296w-6qhq-gf92, PYSEC-2014-5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r7tk-79xy-jkhj |
|
| 27 |
| url |
VCID-rq19-9v21-47dy |
| vulnerability_id |
VCID-rq19-9v21-47dy |
| summary |
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://www.ubuntu.com/usn/USN-2169-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2169-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.11 |
| purl |
pkg:pypi/django@1.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 9 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 10 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 11 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 12 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 13 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 14 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 15 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 16 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 17 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 18 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 19 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 20 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 21 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 22 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 23 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 24 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 25 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 26 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 27 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 28 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 29 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 30 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 31 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 32 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.11 |
|
| 1 |
| url |
pkg:pypi/django@1.5.6 |
| purl |
pkg:pypi/django@1.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 8 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 9 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 10 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 11 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 12 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 13 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 14 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 15 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 16 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 17 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 18 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 19 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 20 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 21 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 22 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 23 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 24 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 25 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 26 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 27 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 28 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 29 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6 |
|
| 2 |
| url |
pkg:pypi/django@1.6.3 |
| purl |
pkg:pypi/django@1.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 8 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 9 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 10 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 11 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 12 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 13 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 14 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 15 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 16 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 17 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 18 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 19 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 20 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 21 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 22 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 23 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 24 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 25 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 26 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 27 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 28 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 29 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 30 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3 |
|
|
| aliases |
CVE-2014-0472, GHSA-rvq6-mrpv-m6rm, PYSEC-2014-1
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rq19-9v21-47dy |
|
| 28 |
| url |
VCID-rxxr-sseq-k7a9 |
| vulnerability_id |
VCID-rxxr-sseq-k7a9 |
| summary |
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://www.securityfocus.com/bid/77750 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/77750 |
|
| 21 |
| reference_url |
http://www.securitytracker.com/id/1034237 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securitytracker.com/id/1034237 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2816-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2816-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.7.11 |
| purl |
pkg:pypi/django@1.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 6 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 9 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 10 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 11 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 12 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 13 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 14 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.11 |
|
| 1 |
| url |
pkg:pypi/django@1.8.7 |
| purl |
pkg:pypi/django@1.8.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 6 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 9 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 12 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 13 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 14 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 15 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 16 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 17 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 18 |
| vulnerability |
VCID-x61x-6b6k-h3bn |
|
| 19 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.7 |
|
| 2 |
| url |
pkg:pypi/django@1.9rc2 |
| purl |
pkg:pypi/django@1.9rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 5 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 9 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 10 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 11 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 12 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9rc2 |
|
|
| aliases |
CVE-2015-8213, GHSA-6wcr-wcqm-3mfh, PYSEC-2015-11
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rxxr-sseq-k7a9 |
|
| 29 |
| url |
VCID-ta66-7qrm-sbhu |
| vulnerability_id |
VCID-ta66-7qrm-sbhu |
| summary |
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
http://ubuntu.com/usn/usn-2469-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://ubuntu.com/usn/usn-2469-1 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.18 |
| purl |
pkg:pypi/django@1.4.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 19 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 20 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 21 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.18 |
|
| 1 |
| url |
pkg:pypi/django@1.6.10 |
| purl |
pkg:pypi/django@1.6.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 5 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 6 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 11 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 12 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 13 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 14 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 15 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 16 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 17 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 18 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 19 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 20 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10 |
|
| 2 |
| url |
pkg:pypi/django@1.7.3 |
| purl |
pkg:pypi/django@1.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 19 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 20 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 21 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3 |
|
|
| aliases |
CVE-2015-0221, GHSA-jhjg-w2cp-5j44, PYSEC-2015-6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ta66-7qrm-sbhu |
|
| 30 |
| url |
VCID-u4a7-uvcb-9kf8 |
| vulnerability_id |
VCID-u4a7-uvcb-9kf8 |
| summary |
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.4.14 |
| purl |
pkg:pypi/django@1.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 9 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 10 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 11 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 12 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 13 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 14 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 15 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 16 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 17 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 18 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 19 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 20 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 21 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 22 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 23 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 24 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 25 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 26 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.14 |
|
| 1 |
| url |
pkg:pypi/django@1.5.9 |
| purl |
pkg:pypi/django@1.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 9 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 10 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 15 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 16 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 19 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 20 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 21 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 22 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 23 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9 |
|
| 2 |
| url |
pkg:pypi/django@1.6.6 |
| purl |
pkg:pypi/django@1.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 4 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 9 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 10 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 11 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 12 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 15 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 16 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 17 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 18 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 19 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 20 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 21 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 22 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 23 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 24 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6 |
|
| 3 |
|
|
| aliases |
CVE-2014-0482, GHSA-625g-gx8c-xcmg, PYSEC-2014-6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u4a7-uvcb-9kf8 |
|
| 31 |
| url |
VCID-u5u9-xbb6-93hc |
| vulnerability_id |
VCID-u5u9-xbb6-93hc |
| summary |
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.2.7 |
| purl |
pkg:pypi/django@1.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 9 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 10 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 11 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 12 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 13 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 14 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 15 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 16 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 17 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 18 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 19 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 20 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 21 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 22 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 23 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 24 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 25 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 26 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 27 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 28 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 29 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 30 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 31 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 32 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 33 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 34 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7 |
|
| 1 |
| url |
pkg:pypi/django@1.3.1 |
| purl |
pkg:pypi/django@1.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 12 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 13 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 14 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 15 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 16 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 17 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 18 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 19 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 20 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 21 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 22 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 23 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 24 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 25 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 26 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 27 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 28 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 29 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 30 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 31 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 32 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 33 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 34 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 35 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 36 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 37 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 38 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 39 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1 |
|
|
| aliases |
CVE-2011-4139, GHSA-rm2j-x595-q9cj, PYSEC-2011-4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u5u9-xbb6-93hc |
|
| 32 |
| url |
VCID-u6sd-648r-qbdb |
| vulnerability_id |
VCID-u6sd-648r-qbdb |
| summary |
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.7.6 |
| purl |
pkg:pypi/django@1.7.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 12 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 13 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 17 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 18 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 19 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 20 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 21 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 22 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.6 |
|
| 1 |
| url |
pkg:pypi/django@1.8b2 |
| purl |
pkg:pypi/django@1.8b2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 6 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 7 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 8 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 9 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 10 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 11 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 12 |
| vulnerability |
VCID-d62f-7csz-fuhm |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 15 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 16 |
| vulnerability |
VCID-n2eg-vn4k-yycf |
|
| 17 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 18 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 19 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 20 |
| vulnerability |
VCID-vacy-878s-3kfb |
|
| 21 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 22 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 23 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 24 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8b2 |
|
|
| aliases |
CVE-2015-2241, GHSA-6565-fg86-6jcx, PYSEC-2015-8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u6sd-648r-qbdb |
|
| 33 |
| url |
VCID-vdpf-jddk-syda |
| vulnerability_id |
VCID-vdpf-jddk-syda |
| summary |
insufficient validation |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://seclists.org/bugtraq/2020/Jan/9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Jan/9 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4224-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4224-1 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4cp2-k4mn-8ffj |
|
| 2 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 3 |
| vulnerability |
VCID-51tx-4tp9-kbcz |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-6jpg-yrf8-cufy |
|
| 6 |
| vulnerability |
VCID-9end-mq19-rke5 |
|
| 7 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 8 |
| vulnerability |
VCID-attf-6gj8-ebaj |
|
| 9 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 10 |
| vulnerability |
VCID-drwp-htkk-bkfh |
|
| 11 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 12 |
| vulnerability |
VCID-fksk-pr23-2yd8 |
|
| 13 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 14 |
| vulnerability |
VCID-hh9b-52xn-z7a9 |
|
| 15 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 16 |
| vulnerability |
VCID-m4wa-xv9b-q7ce |
|
| 17 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 18 |
| vulnerability |
VCID-na9w-xkvx-cbhd |
|
| 19 |
| vulnerability |
VCID-nss9-1yrb-x7f2 |
|
| 20 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 21 |
| vulnerability |
VCID-qvfs-2v1h-p3h4 |
|
| 22 |
| vulnerability |
VCID-u9q1-63gf-7feh |
|
| 23 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 24 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 25 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 26 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
| 2 |
| url |
pkg:pypi/django@3.0.1 |
| purl |
pkg:pypi/django@3.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4cp2-k4mn-8ffj |
|
| 2 |
| vulnerability |
VCID-4pb2-tqru-uufs |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-fhp8-tck4-mye4 |
|
| 8 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 9 |
| vulnerability |
VCID-hh9b-52xn-z7a9 |
|
| 10 |
| vulnerability |
VCID-j81e-su1y-tqa6 |
|
| 11 |
| vulnerability |
VCID-m4wa-xv9b-q7ce |
|
| 12 |
| vulnerability |
VCID-n9vn-4uxr-hkau |
|
| 13 |
| vulnerability |
VCID-na9w-xkvx-cbhd |
|
| 14 |
| vulnerability |
VCID-q8r2-m9s6-rbek |
|
| 15 |
| vulnerability |
VCID-qvfs-2v1h-p3h4 |
|
| 16 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 17 |
| vulnerability |
VCID-wnxx-rc7w-cke4 |
|
| 18 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
| 19 |
| vulnerability |
VCID-z4x1-e7tp-rqhz |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1 |
|
|
| aliases |
CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda |
|
| 34 |
| url |
VCID-vj5u-2ukv-audq |
| vulnerability_id |
VCID-vj5u-2ukv-audq |
| summary |
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
http://www.ubuntu.com/usn/USN-1560-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-1560-1 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.3.2 |
| purl |
pkg:pypi/django@1.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 12 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 13 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 14 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 15 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 16 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 17 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 18 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 19 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 20 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 21 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 22 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 23 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 24 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 25 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 26 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 27 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 28 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 29 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 30 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 31 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 32 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 33 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 34 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 35 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.2 |
|
| 1 |
| url |
pkg:pypi/django@1.4.1 |
| purl |
pkg:pypi/django@1.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12d7-vc63-rkdy |
|
| 1 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 2 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 3 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 4 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 5 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 6 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 7 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 8 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 9 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 10 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 11 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 12 |
| vulnerability |
VCID-71t1-69yq-c7h6 |
|
| 13 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 14 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 15 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 16 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 17 |
| vulnerability |
VCID-9bqp-b6rw-mye7 |
|
| 18 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 19 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 20 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 21 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 22 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 23 |
| vulnerability |
VCID-g2z3-2h8p-c7ge |
|
| 24 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 25 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 26 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 27 |
| vulnerability |
VCID-kq8u-td31-uqaa |
|
| 28 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 29 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 30 |
| vulnerability |
VCID-ps24-pjj4-uqd1 |
|
| 31 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 32 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 33 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 34 |
| vulnerability |
VCID-rtjn-qccc-8kc7 |
|
| 35 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 36 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 37 |
| vulnerability |
VCID-th75-ys47-d3h8 |
|
| 38 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 39 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 40 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 41 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 42 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 43 |
| vulnerability |
VCID-x212-mskt-9bbw |
|
| 44 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.1 |
|
|
| aliases |
CVE-2012-3444, GHSA-5h2q-4hrp-v9rr, PYSEC-2012-4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vj5u-2ukv-audq |
|
| 35 |
| url |
VCID-weqb-fxu4-17e7 |
| vulnerability_id |
VCID-weqb-fxu4-17e7 |
| summary |
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-3089-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3089-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.15 |
| purl |
pkg:pypi/django@1.8.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 5 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-c58g-7jpv-t7hc |
|
| 8 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 9 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 10 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 11 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 12 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 13 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 14 |
| vulnerability |
VCID-x61x-6b6k-h3bn |
|
| 15 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15 |
|
| 1 |
| url |
pkg:pypi/django@1.9.10 |
| purl |
pkg:pypi/django@1.9.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 2 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 3 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 4 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 5 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 6 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 7 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 8 |
| vulnerability |
VCID-qy2a-mvpz-q7eh |
|
| 9 |
| vulnerability |
VCID-rruq-9scz-vbg8 |
|
| 10 |
| vulnerability |
VCID-upbz-vg19-rugv |
|
| 11 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 12 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 13 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10 |
|
|
| aliases |
CVE-2016-7401, GHSA-crhm-qpjc-cm64, PYSEC-2016-3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-weqb-fxu4-17e7 |
|
| 36 |
| url |
VCID-whgc-pt2s-77ar |
| vulnerability_id |
VCID-whgc-pt2s-77ar |
| summary |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.26 |
| purl |
pkg:pypi/django@4.2.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 2 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 3 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 4 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 5 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 6 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 7 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 8 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 9 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 10 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 11 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 12 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 13 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 14 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2as8-7qx6-2kba |
|
| 1 |
| vulnerability |
VCID-4gpn-bf2d-ybfb |
|
| 2 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 3 |
| vulnerability |
VCID-55xg-pw9n-zkdy |
|
| 4 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 5 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 6 |
| vulnerability |
VCID-abpe-htm1-9ubp |
|
| 7 |
| vulnerability |
VCID-eqsc-axng-ckca |
|
| 8 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 9 |
| vulnerability |
VCID-fsz5-dkw2-hyap |
|
| 10 |
| vulnerability |
VCID-fxuu-kk52-r7ch |
|
| 11 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 12 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 13 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 14 |
| vulnerability |
VCID-m4am-h2ea-3ffr |
|
| 15 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 16 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 17 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 18 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 19 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 20 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 21 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 22 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
BIT-django-2025-64459, CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar |
|
| 37 |
| url |
VCID-xf2n-qua7-m7fb |
| vulnerability_id |
VCID-xf2n-qua7-m7fb |
| summary |
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.2.7 |
| purl |
pkg:pypi/django@1.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 2 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 3 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 4 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 5 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 6 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 7 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 8 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 9 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 10 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 11 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 12 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 13 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 14 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 15 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 16 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 17 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 18 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 19 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 20 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 21 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 22 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 23 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 24 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 25 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 26 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 27 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 28 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 29 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 30 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 31 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 32 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 33 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 34 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.2.7 |
|
| 1 |
| url |
pkg:pypi/django@1.3 |
| purl |
pkg:pypi/django@1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-38e1-hepp-vkg9 |
|
| 2 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 3 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 4 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 5 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 6 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 7 |
| vulnerability |
VCID-5brz-383w-pfbb |
|
| 8 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 9 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 10 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 11 |
| vulnerability |
VCID-66ax-8wdn-1bgb |
|
| 12 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 13 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 14 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 15 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 16 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 17 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 18 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 19 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 20 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 21 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 22 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 23 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 24 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 25 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 26 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 27 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 28 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 29 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 30 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 31 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 32 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 33 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 34 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 35 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 36 |
| vulnerability |
VCID-u5u9-xbb6-93hc |
|
| 37 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 38 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 39 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 40 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 41 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 42 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 43 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3 |
|
| 2 |
| url |
pkg:pypi/django@1.3.1 |
| purl |
pkg:pypi/django@1.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7g7m-bfe1-wkhd |
|
| 12 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 13 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 14 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 15 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 16 |
| vulnerability |
VCID-9bsf-vm3b-ubhw |
|
| 17 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 18 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 19 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 20 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 21 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 22 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 23 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 24 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 25 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 26 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 27 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 28 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 29 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 30 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 31 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 32 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 33 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 34 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 35 |
| vulnerability |
VCID-vj5u-2ukv-audq |
|
| 36 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 37 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 38 |
| vulnerability |
VCID-xf2n-qua7-m7fb |
|
| 39 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.1 |
|
| 3 |
| url |
pkg:pypi/django@1.3.2 |
| purl |
pkg:pypi/django@1.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-29qk-rv5n-efbm |
|
| 1 |
| vulnerability |
VCID-3juv-mecf-akdp |
|
| 2 |
| vulnerability |
VCID-3kza-a88p-kfg7 |
|
| 3 |
| vulnerability |
VCID-3sg7-t77d-rkc6 |
|
| 4 |
| vulnerability |
VCID-492e-xffn-3bds |
|
| 5 |
| vulnerability |
VCID-4tyd-97z5-z3ar |
|
| 6 |
| vulnerability |
VCID-5dxz-7swx-rygn |
|
| 7 |
| vulnerability |
VCID-5q58-pzt4-8uey |
|
| 8 |
| vulnerability |
VCID-5vmb-d4xp-zfgy |
|
| 9 |
| vulnerability |
VCID-6w99-8w84-jkh9 |
|
| 10 |
| vulnerability |
VCID-6wah-r8vr-5qc4 |
|
| 11 |
| vulnerability |
VCID-7rz2-nqdn-hycc |
|
| 12 |
| vulnerability |
VCID-8gus-er59-1qak |
|
| 13 |
| vulnerability |
VCID-8v2c-7739-2ugp |
|
| 14 |
| vulnerability |
VCID-912q-3eks-4yfm |
|
| 15 |
| vulnerability |
VCID-9mpt-zxaw-kkeg |
|
| 16 |
| vulnerability |
VCID-bahz-gfxv-e3b2 |
|
| 17 |
| vulnerability |
VCID-bb8b-hq41-s7a6 |
|
| 18 |
| vulnerability |
VCID-dh12-js4b-h7fw |
|
| 19 |
| vulnerability |
VCID-ffsr-th58-p3ct |
|
| 20 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 21 |
| vulnerability |
VCID-j7jf-zzvz-skgm |
|
| 22 |
| vulnerability |
VCID-jfya-694v-myar |
|
| 23 |
| vulnerability |
VCID-ksh8-pazn-dbca |
|
| 24 |
| vulnerability |
VCID-mccp-khb9-qkb7 |
|
| 25 |
| vulnerability |
VCID-qu99-yudm-57fp |
|
| 26 |
| vulnerability |
VCID-r7tk-79xy-jkhj |
|
| 27 |
| vulnerability |
VCID-rq19-9v21-47dy |
|
| 28 |
| vulnerability |
VCID-rxxr-sseq-k7a9 |
|
| 29 |
| vulnerability |
VCID-ta66-7qrm-sbhu |
|
| 30 |
| vulnerability |
VCID-u4a7-uvcb-9kf8 |
|
| 31 |
| vulnerability |
VCID-u6sd-648r-qbdb |
|
| 32 |
| vulnerability |
VCID-vdpf-jddk-syda |
|
| 33 |
| vulnerability |
VCID-weqb-fxu4-17e7 |
|
| 34 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
| 35 |
| vulnerability |
VCID-ynt9-h6ww-h7e9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.3.2 |
|
|
| aliases |
CVE-2011-4140, GHSA-h95j-h2rv-qrg4, PYSEC-2011-5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xf2n-qua7-m7fb |
|
| 38 |
| url |
VCID-ynt9-h6ww-h7e9 |
| vulnerability_id |
VCID-ynt9-h6ww-h7e9 |
| summary |
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.24 |
| purl |
pkg:pypi/django@4.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 1 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 2 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 3 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 4 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 5 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 6 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 7 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 8 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 9 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 10 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 11 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 12 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 13 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 14 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 15 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 16 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 17 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 18 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.6 |
| purl |
pkg:pypi/django@5.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2as8-7qx6-2kba |
|
| 1 |
| vulnerability |
VCID-4gpn-bf2d-ybfb |
|
| 2 |
| vulnerability |
VCID-4kcg-gx5y-cuaw |
|
| 3 |
| vulnerability |
VCID-55xg-pw9n-zkdy |
|
| 4 |
| vulnerability |
VCID-5xtt-au84-zbb2 |
|
| 5 |
| vulnerability |
VCID-7c5n-nzwk-v7bz |
|
| 6 |
| vulnerability |
VCID-7upw-5p86-8bfr |
|
| 7 |
| vulnerability |
VCID-abpe-htm1-9ubp |
|
| 8 |
| vulnerability |
VCID-eqsc-axng-ckca |
|
| 9 |
| vulnerability |
VCID-fcg9-xypn-ykhf |
|
| 10 |
| vulnerability |
VCID-fsz5-dkw2-hyap |
|
| 11 |
| vulnerability |
VCID-fxuu-kk52-r7ch |
|
| 12 |
| vulnerability |
VCID-ga69-9y5g-77c3 |
|
| 13 |
| vulnerability |
VCID-ga7z-wj4j-63h1 |
|
| 14 |
| vulnerability |
VCID-jybd-p65h-xffy |
|
| 15 |
| vulnerability |
VCID-kxdd-yzp3-r7cb |
|
| 16 |
| vulnerability |
VCID-m4am-h2ea-3ffr |
|
| 17 |
| vulnerability |
VCID-n2v7-jqjy-37bc |
|
| 18 |
| vulnerability |
VCID-phkp-9abp-f3dq |
|
| 19 |
| vulnerability |
VCID-r1vx-vv7d-gqaj |
|
| 20 |
| vulnerability |
VCID-shch-yusm-1uck |
|
| 21 |
| vulnerability |
VCID-shjc-2j68-2yfy |
|
| 22 |
| vulnerability |
VCID-tktt-vg92-6kae |
|
| 23 |
| vulnerability |
VCID-tuqc-c251-h7ds |
|
| 24 |
| vulnerability |
VCID-w777-44ns-cybg |
|
| 25 |
| vulnerability |
VCID-wa3g-27sx-mbcw |
|
| 26 |
| vulnerability |
VCID-whgc-pt2s-77ar |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6 |
|
|
| aliases |
BIT-django-2025-57833, CVE-2025-57833, GHSA-6w2r-r2m5-xq5w, PYSEC-2025-105
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ynt9-h6ww-h7e9 |
|
|
|---|