Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@1.5.2
Type pypi
Namespace
Name django
Version 1.5.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.7b4
Latest_non_vulnerable_version 5.0.14
Affected_by_vulnerabilities
0
url VCID-3kza-a88p-kfg7
vulnerability_id VCID-3kza-a88p-kfg7
summary Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
references
0
reference_url http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1594.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1594.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1595.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1595.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1596.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1596.html
4
reference_url http://seclists.org/fulldisclosure/2016/Jul/53
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2016/Jul/53
5
reference_url https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
reference_id
reference_type
scores
url https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
6
reference_url https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
reference_id
reference_type
scores
url https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
9
reference_url https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
10
reference_url https://www.exploit-db.com/exploits/40129/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/40129/
11
reference_url http://www.debian.org/security/2016/dsa-3622
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3622
12
reference_url http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/538947/100/0/threaded
13
reference_url http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92058
14
reference_url http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036338
15
reference_url http://www.ubuntu.com/usn/USN-3039-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3039-1
16
reference_url http://www.vulnerability-lab.com/get_content.php?id=1869
reference_id
reference_type
scores
url http://www.vulnerability-lab.com/get_content.php?id=1869
fixed_packages
0
url pkg:pypi/django@1.8.14
purl pkg:pypi/django@1.8.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c58g-7jpv-t7hc
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
8
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14
1
url pkg:pypi/django@1.9.8
purl pkg:pypi/django@1.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-qy2a-mvpz-q7eh
3
vulnerability VCID-rruq-9scz-vbg8
4
vulnerability VCID-upbz-vg19-rugv
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8
2
url pkg:pypi/django@1.10rc1
purl pkg:pypi/django@1.10rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1
aliases CVE-2016-6186, PYSEC-2016-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kza-a88p-kfg7
1
url VCID-3sg7-t77d-rkc6
vulnerability_id VCID-3sg7-t77d-rkc6
summary The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0456.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0456.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0457.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0457.html
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://www.djangoproject.com/weblog/2014/apr/21/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/apr/21/security/
5
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
6
reference_url http://www.ubuntu.com/usn/USN-2169-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2169-1
fixed_packages
0
url pkg:pypi/django@1.5.6
purl pkg:pypi/django@1.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6
1
url pkg:pypi/django@1.6.3
purl pkg:pypi/django@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vacy-878s-3kfb
21
vulnerability VCID-vdpf-jddk-syda
22
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3
aliases CVE-2014-0473, PYSEC-2014-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sg7-t77d-rkc6
2
url VCID-5vmb-d4xp-zfgy
vulnerability_id VCID-5vmb-d4xp-zfgy
summary Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
references
0
reference_url http://advisories.mageia.org/MGASA-2015-0026.html
reference_id
reference_type
scores
url http://advisories.mageia.org/MGASA-2015-0026.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
6
reference_url http://secunia.com/advisories/62285
reference_id
reference_type
scores
url http://secunia.com/advisories/62285
7
reference_url http://secunia.com/advisories/62309
reference_id
reference_type
scores
url http://secunia.com/advisories/62309
8
reference_url http://secunia.com/advisories/62718
reference_id
reference_type
scores
url http://secunia.com/advisories/62718
9
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security/
10
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
11
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
12
reference_url http://www.ubuntu.com/usn/USN-2469-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2469-1
fixed_packages
0
url pkg:pypi/django@1.6.10
purl pkg:pypi/django@1.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-u6sd-648r-qbdb
10
vulnerability VCID-vacy-878s-3kfb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10
1
url pkg:pypi/django@1.7.3
purl pkg:pypi/django@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vacy-878s-3kfb
13
vulnerability VCID-vdpf-jddk-syda
14
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3
aliases CVE-2015-0219, PYSEC-2015-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vmb-d4xp-zfgy
3
url VCID-6wah-r8vr-5qc4
vulnerability_id VCID-6wah-r8vr-5qc4
summary The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0502.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0504.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0505.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0506.html
4
reference_url https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
reference_id
reference_type
scores
url https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
5
reference_url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
6
reference_url http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3544
7
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
8
reference_url http://www.securityfocus.com/bid/83878
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/83878
9
reference_url http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035152
10
reference_url http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-1
11
reference_url http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-2
12
reference_url http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-3
fixed_packages
0
url pkg:pypi/django@1.8.10
purl pkg:pypi/django@1.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c58g-7jpv-t7hc
4
vulnerability VCID-qy2a-mvpz-q7eh
5
vulnerability VCID-rruq-9scz-vbg8
6
vulnerability VCID-upbz-vg19-rugv
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
9
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10
1
url pkg:pypi/django@1.9.3
purl pkg:pypi/django@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3
aliases CVE-2016-2513, PYSEC-2016-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wah-r8vr-5qc4
4
url VCID-71t1-69yq-c7h6
vulnerability_id VCID-71t1-69yq-c7h6
summary Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
2
reference_url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
3
reference_url http://ubuntu.com/usn/usn-2212-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2212-1
4
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
5
reference_url http://www.openwall.com/lists/oss-security/2014/05/14/10
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/05/14/10
6
reference_url http://www.openwall.com/lists/oss-security/2014/05/15/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/05/15/3
fixed_packages
0
url pkg:pypi/django@1.5.8
purl pkg:pypi/django@1.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-ksh8-pazn-dbca
12
vulnerability VCID-mccp-khb9-qkb7
13
vulnerability VCID-r7tk-79xy-jkhj
14
vulnerability VCID-rxxr-sseq-k7a9
15
vulnerability VCID-ta66-7qrm-sbhu
16
vulnerability VCID-u4a7-uvcb-9kf8
17
vulnerability VCID-u6sd-648r-qbdb
18
vulnerability VCID-vdpf-jddk-syda
19
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.8
1
url pkg:pypi/django@1.6.5
purl pkg:pypi/django@1.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-ksh8-pazn-dbca
12
vulnerability VCID-mccp-khb9-qkb7
13
vulnerability VCID-r7tk-79xy-jkhj
14
vulnerability VCID-rxxr-sseq-k7a9
15
vulnerability VCID-ta66-7qrm-sbhu
16
vulnerability VCID-u4a7-uvcb-9kf8
17
vulnerability VCID-u6sd-648r-qbdb
18
vulnerability VCID-vacy-878s-3kfb
19
vulnerability VCID-vdpf-jddk-syda
20
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.5
2
url pkg:pypi/django@1.7b4
purl pkg:pypi/django@1.7b4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7b4
aliases CVE-2014-1418, PYSEC-2014-19
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71t1-69yq-c7h6
5
url VCID-7rz2-nqdn-hycc
vulnerability_id VCID-7rz2-nqdn-hycc
summary The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/59782
reference_id
reference_type
scores
url http://secunia.com/advisories/59782
2
reference_url http://secunia.com/advisories/61276
reference_id
reference_type
scores
url http://secunia.com/advisories/61276
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security/
5
reference_url http://www.debian.org/security/2014/dsa-3010
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3010
6
reference_url http://www.securityfocus.com/bid/69425
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/69425
fixed_packages
0
url pkg:pypi/django@1.5.9
purl pkg:pypi/django@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vdpf-jddk-syda
15
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9
1
url pkg:pypi/django@1.6.6
purl pkg:pypi/django@1.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vacy-878s-3kfb
15
vulnerability VCID-vdpf-jddk-syda
16
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6
aliases CVE-2014-0480, PYSEC-2014-4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rz2-nqdn-hycc
6
url VCID-8gus-er59-1qak
vulnerability_id VCID-8gus-er59-1qak
summary multiple issues
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
6
reference_url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
7
reference_url http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3835
8
reference_url http://www.securityfocus.com/bid/94068
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94068
9
reference_url http://www.securitytracker.com/id/1037159
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1037159
10
reference_url http://www.ubuntu.com/usn/USN-3115-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3115-1
11
reference_url https://security.archlinux.org/ASA-201611-15
reference_id ASA-201611-15
reference_type
scores
url https://security.archlinux.org/ASA-201611-15
12
reference_url https://security.archlinux.org/AVG-57
reference_id AVG-57
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-57
fixed_packages
0
url pkg:pypi/django@1.8.16
purl pkg:pypi/django@1.8.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-c58g-7jpv-t7hc
2
vulnerability VCID-rruq-9scz-vbg8
3
vulnerability VCID-upbz-vg19-rugv
4
vulnerability VCID-vdpf-jddk-syda
5
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16
1
url pkg:pypi/django@1.9.11
purl pkg:pypi/django@1.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-rruq-9scz-vbg8
2
vulnerability VCID-upbz-vg19-rugv
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11
2
url pkg:pypi/django@1.10.3
purl pkg:pypi/django@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-hpj4-a9fa-4bca
2
vulnerability VCID-rruq-9scz-vbg8
3
vulnerability VCID-upbz-vg19-rugv
4
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3
aliases CVE-2016-9014, PYSEC-2016-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gus-er59-1qak
7
url VCID-8v2c-7739-2ugp
vulnerability_id VCID-8v2c-7739-2ugp
summary The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/59782
reference_id
reference_type
scores
url http://secunia.com/advisories/59782
2
reference_url http://secunia.com/advisories/61276
reference_id
reference_type
scores
url http://secunia.com/advisories/61276
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://github.com/django/django/commit/2b31342cdf14fc20e07c43d258f1e7334ad664a6
reference_id
reference_type
scores
url https://github.com/django/django/commit/2b31342cdf14fc20e07c43d258f1e7334ad664a6
5
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security/
6
reference_url http://www.debian.org/security/2014/dsa-3010
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3010
fixed_packages
0
url pkg:pypi/django@1.5.9
purl pkg:pypi/django@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vdpf-jddk-syda
15
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9
1
url pkg:pypi/django@1.6.6
purl pkg:pypi/django@1.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vacy-878s-3kfb
15
vulnerability VCID-vdpf-jddk-syda
16
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6
aliases CVE-2014-0483, PYSEC-2014-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8v2c-7739-2ugp
8
url VCID-912q-3eks-4yfm
vulnerability_id VCID-912q-3eks-4yfm
summary The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
references
0
reference_url http://advisories.mageia.org/MGASA-2015-0026.html
reference_id
reference_type
scores
url http://advisories.mageia.org/MGASA-2015-0026.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
5
reference_url http://secunia.com/advisories/62285
reference_id
reference_type
scores
url http://secunia.com/advisories/62285
6
reference_url http://secunia.com/advisories/62309
reference_id
reference_type
scores
url http://secunia.com/advisories/62309
7
reference_url http://secunia.com/advisories/62718
reference_id
reference_type
scores
url http://secunia.com/advisories/62718
8
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security/
9
reference_url http://ubuntu.com/usn/usn-2469-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2469-1
10
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
11
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
fixed_packages
0
url pkg:pypi/django@1.6.10
purl pkg:pypi/django@1.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-u6sd-648r-qbdb
10
vulnerability VCID-vacy-878s-3kfb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10
1
url pkg:pypi/django@1.7.3
purl pkg:pypi/django@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vacy-878s-3kfb
13
vulnerability VCID-vdpf-jddk-syda
14
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3
aliases CVE-2015-0220, PYSEC-2015-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-912q-3eks-4yfm
9
url VCID-9bqp-b6rw-mye7
vulnerability_id VCID-9bqp-b6rw-mye7
summary The django.utils.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
2
reference_url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
3
reference_url http://ubuntu.com/usn/usn-2212-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2212-1
4
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
5
reference_url http://www.openwall.com/lists/oss-security/2014/05/14/10
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/05/14/10
6
reference_url http://www.openwall.com/lists/oss-security/2014/05/15/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/05/15/3
7
reference_url http://www.securityfocus.com/bid/67410
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/67410
fixed_packages
0
url pkg:pypi/django@1.5.8
purl pkg:pypi/django@1.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-ksh8-pazn-dbca
12
vulnerability VCID-mccp-khb9-qkb7
13
vulnerability VCID-r7tk-79xy-jkhj
14
vulnerability VCID-rxxr-sseq-k7a9
15
vulnerability VCID-ta66-7qrm-sbhu
16
vulnerability VCID-u4a7-uvcb-9kf8
17
vulnerability VCID-u6sd-648r-qbdb
18
vulnerability VCID-vdpf-jddk-syda
19
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.8
1
url pkg:pypi/django@1.6.5
purl pkg:pypi/django@1.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-ksh8-pazn-dbca
12
vulnerability VCID-mccp-khb9-qkb7
13
vulnerability VCID-r7tk-79xy-jkhj
14
vulnerability VCID-rxxr-sseq-k7a9
15
vulnerability VCID-ta66-7qrm-sbhu
16
vulnerability VCID-u4a7-uvcb-9kf8
17
vulnerability VCID-u6sd-648r-qbdb
18
vulnerability VCID-vacy-878s-3kfb
19
vulnerability VCID-vdpf-jddk-syda
20
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.5
2
url pkg:pypi/django@1.7b4
purl pkg:pypi/django@1.7b4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7b4
aliases CVE-2014-3730, PYSEC-2014-20
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bqp-b6rw-mye7
10
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
11
url VCID-bahz-gfxv-e3b2
vulnerability_id VCID-bahz-gfxv-e3b2
summary The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
4
reference_url https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
5
reference_url http://ubuntu.com/usn/usn-2539-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2539-1
6
reference_url http://www.debian.org/security/2015/dsa-3204
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3204
7
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:195
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:195
8
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
9
reference_url http://www.securityfocus.com/bid/73319
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/73319
fixed_packages
0
url pkg:pypi/django@1.6.11
purl pkg:pypi/django@1.6.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-jfya-694v-myar
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-mccp-khb9-qkb7
7
vulnerability VCID-rxxr-sseq-k7a9
8
vulnerability VCID-u6sd-648r-qbdb
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.11
1
url pkg:pypi/django@1.7.7
purl pkg:pypi/django@1.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-jfya-694v-myar
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-th75-ys47-d3h8
10
vulnerability VCID-vdpf-jddk-syda
11
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7
2
url pkg:pypi/django@1.8rc1
purl pkg:pypi/django@1.8rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8rc1
aliases CVE-2015-2317, PYSEC-2015-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bahz-gfxv-e3b2
12
url VCID-dh12-js4b-h7fw
vulnerability_id VCID-dh12-js4b-h7fw
summary ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.
references
0
reference_url http://advisories.mageia.org/MGASA-2015-0026.html
reference_id
reference_type
scores
url http://advisories.mageia.org/MGASA-2015-0026.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
6
reference_url http://secunia.com/advisories/62285
reference_id
reference_type
scores
url http://secunia.com/advisories/62285
7
reference_url http://secunia.com/advisories/62309
reference_id
reference_type
scores
url http://secunia.com/advisories/62309
8
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security/
9
reference_url http://ubuntu.com/usn/usn-2469-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2469-1
10
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
fixed_packages
0
url pkg:pypi/django@1.6.10
purl pkg:pypi/django@1.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-u6sd-648r-qbdb
10
vulnerability VCID-vacy-878s-3kfb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10
1
url pkg:pypi/django@1.7.3
purl pkg:pypi/django@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vacy-878s-3kfb
13
vulnerability VCID-vdpf-jddk-syda
14
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3
aliases CVE-2015-0222, PYSEC-2015-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh12-js4b-h7fw
13
url VCID-ffsr-th58-p3ct
vulnerability_id VCID-ffsr-th58-p3ct
summary The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0456.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0456.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0457.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0457.html
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://www.djangoproject.com/weblog/2014/apr/21/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/apr/21/security/
5
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
6
reference_url http://www.ubuntu.com/usn/USN-2169-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2169-1
fixed_packages
0
url pkg:pypi/django@1.5.6
purl pkg:pypi/django@1.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6
1
url pkg:pypi/django@1.6.3
purl pkg:pypi/django@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vacy-878s-3kfb
21
vulnerability VCID-vdpf-jddk-syda
22
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3
aliases CVE-2014-0474, PYSEC-2014-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ffsr-th58-p3ct
14
url VCID-g2z3-2h8p-c7ge
vulnerability_id VCID-g2z3-2h8p-c7ge
summary Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1521.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-1521.html
2
reference_url http://secunia.com/advisories/54772
reference_id
reference_type
scores
url http://secunia.com/advisories/54772
3
reference_url http://secunia.com/advisories/54828
reference_id
reference_type
scores
url http://secunia.com/advisories/54828
4
reference_url https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/
5
reference_url http://www.debian.org/security/2013/dsa-2755
reference_id
reference_type
scores
url http://www.debian.org/security/2013/dsa-2755
fixed_packages
0
url pkg:pypi/django@1.5.3
purl pkg:pypi/django@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-71t1-69yq-c7h6
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bqp-b6rw-mye7
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-jfya-694v-myar
15
vulnerability VCID-ksh8-pazn-dbca
16
vulnerability VCID-mccp-khb9-qkb7
17
vulnerability VCID-ps24-pjj4-uqd1
18
vulnerability VCID-r7tk-79xy-jkhj
19
vulnerability VCID-rq19-9v21-47dy
20
vulnerability VCID-rxxr-sseq-k7a9
21
vulnerability VCID-ta66-7qrm-sbhu
22
vulnerability VCID-u4a7-uvcb-9kf8
23
vulnerability VCID-u6sd-648r-qbdb
24
vulnerability VCID-vdpf-jddk-syda
25
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.3
aliases CVE-2013-4315, PYSEC-2013-20
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g2z3-2h8p-c7ge
15
url VCID-jfya-694v-myar
vulnerability_id VCID-jfya-694v-myar
summary The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-1678.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1678.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2015-1686.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1686.html
5
reference_url https://github.com/advisories/GHSA-h582-2pch-3xv3
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h582-2pch-3xv3
6
reference_url https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201510-06
7
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
8
reference_url http://www.debian.org/security/2015/dsa-3305
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3305
9
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
10
reference_url http://www.securityfocus.com/bid/75666
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75666
11
reference_url http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1032820
12
reference_url http://www.ubuntu.com/usn/USN-2671-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2671-1
fixed_packages
0
url pkg:pypi/django@1.7.9
purl pkg:pypi/django@1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-kq8u-td31-uqaa
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-rxxr-sseq-k7a9
7
vulnerability VCID-th75-ys47-d3h8
8
vulnerability VCID-vdpf-jddk-syda
9
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9
1
url pkg:pypi/django@1.8.3
purl pkg:pypi/django@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-qy2a-mvpz-q7eh
8
vulnerability VCID-rruq-9scz-vbg8
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-upbz-vg19-rugv
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
13
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3
aliases CVE-2015-5143, GHSA-h582-2pch-3xv3, PYSEC-2015-20
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfya-694v-myar
16
url VCID-ksh8-pazn-dbca
vulnerability_id VCID-ksh8-pazn-dbca
summary The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0502.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0504.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0505.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0506.html
4
reference_url https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
5
reference_url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
6
reference_url http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3544
7
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
8
reference_url http://www.securityfocus.com/bid/83879
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/83879
9
reference_url http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035152
10
reference_url http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-1
11
reference_url http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-2
12
reference_url http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-3
fixed_packages
0
url pkg:pypi/django@1.8.10
purl pkg:pypi/django@1.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c58g-7jpv-t7hc
4
vulnerability VCID-qy2a-mvpz-q7eh
5
vulnerability VCID-rruq-9scz-vbg8
6
vulnerability VCID-upbz-vg19-rugv
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
9
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10
1
url pkg:pypi/django@1.9.3
purl pkg:pypi/django@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3
aliases CVE-2016-2512, PYSEC-2016-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksh8-pazn-dbca
17
url VCID-mccp-khb9-qkb7
vulnerability_id VCID-mccp-khb9-qkb7
summary Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
3
reference_url https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201510-06
4
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
5
reference_url http://www.debian.org/security/2015/dsa-3305
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3305
6
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
7
reference_url http://www.securityfocus.com/bid/75665
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75665
8
reference_url http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1032820
9
reference_url http://www.ubuntu.com/usn/USN-2671-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2671-1
fixed_packages
0
url pkg:pypi/django@1.7.9
purl pkg:pypi/django@1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-kq8u-td31-uqaa
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-rxxr-sseq-k7a9
7
vulnerability VCID-th75-ys47-d3h8
8
vulnerability VCID-vdpf-jddk-syda
9
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9
1
url pkg:pypi/django@1.8.3
purl pkg:pypi/django@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-qy2a-mvpz-q7eh
8
vulnerability VCID-rruq-9scz-vbg8
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-upbz-vg19-rugv
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
13
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3
aliases CVE-2015-5144, PYSEC-2015-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mccp-khb9-qkb7
18
url VCID-ps24-pjj4-uqd1
vulnerability_id VCID-ps24-pjj4-uqd1
summary The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html
2
reference_url http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html
reference_id
reference_type
scores
url http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html
3
reference_url https://www.djangoproject.com/weblog/2013/sep/15/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2013/sep/15/security/
4
reference_url http://www.debian.org/security/2013/dsa-2758
reference_id
reference_type
scores
url http://www.debian.org/security/2013/dsa-2758
fixed_packages
0
url pkg:pypi/django@1.5.4
purl pkg:pypi/django@1.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-71t1-69yq-c7h6
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bqp-b6rw-mye7
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-jfya-694v-myar
15
vulnerability VCID-ksh8-pazn-dbca
16
vulnerability VCID-mccp-khb9-qkb7
17
vulnerability VCID-r7tk-79xy-jkhj
18
vulnerability VCID-rq19-9v21-47dy
19
vulnerability VCID-rxxr-sseq-k7a9
20
vulnerability VCID-ta66-7qrm-sbhu
21
vulnerability VCID-u4a7-uvcb-9kf8
22
vulnerability VCID-u6sd-648r-qbdb
23
vulnerability VCID-vdpf-jddk-syda
24
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.4
aliases CVE-2013-1443, PYSEC-2013-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ps24-pjj4-uqd1
19
url VCID-r7tk-79xy-jkhj
vulnerability_id VCID-r7tk-79xy-jkhj
summary The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by uploading multiple files with the same name.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/59782
reference_id
reference_type
scores
url http://secunia.com/advisories/59782
2
reference_url http://secunia.com/advisories/61276
reference_id
reference_type
scores
url http://secunia.com/advisories/61276
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security/
5
reference_url http://www.debian.org/security/2014/dsa-3010
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3010
fixed_packages
0
url pkg:pypi/django@1.5.9
purl pkg:pypi/django@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vdpf-jddk-syda
15
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9
1
url pkg:pypi/django@1.6.6
purl pkg:pypi/django@1.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vacy-878s-3kfb
15
vulnerability VCID-vdpf-jddk-syda
16
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6
aliases CVE-2014-0481, PYSEC-2014-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7tk-79xy-jkhj
20
url VCID-rq19-9v21-47dy
vulnerability_id VCID-rq19-9v21-47dy
summary The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0456.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0456.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0457.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0457.html
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://www.djangoproject.com/weblog/2014/apr/21/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/apr/21/security/
5
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
6
reference_url http://www.ubuntu.com/usn/USN-2169-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2169-1
fixed_packages
0
url pkg:pypi/django@1.5.6
purl pkg:pypi/django@1.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.6
1
url pkg:pypi/django@1.6.3
purl pkg:pypi/django@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-71t1-69yq-c7h6
4
vulnerability VCID-7rz2-nqdn-hycc
5
vulnerability VCID-8gus-er59-1qak
6
vulnerability VCID-8v2c-7739-2ugp
7
vulnerability VCID-912q-3eks-4yfm
8
vulnerability VCID-9bqp-b6rw-mye7
9
vulnerability VCID-9mpt-zxaw-kkeg
10
vulnerability VCID-bahz-gfxv-e3b2
11
vulnerability VCID-dh12-js4b-h7fw
12
vulnerability VCID-jfya-694v-myar
13
vulnerability VCID-ksh8-pazn-dbca
14
vulnerability VCID-mccp-khb9-qkb7
15
vulnerability VCID-r7tk-79xy-jkhj
16
vulnerability VCID-rxxr-sseq-k7a9
17
vulnerability VCID-ta66-7qrm-sbhu
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vacy-878s-3kfb
21
vulnerability VCID-vdpf-jddk-syda
22
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.3
aliases CVE-2014-0472, PYSEC-2014-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rq19-9v21-47dy
21
url VCID-rxxr-sseq-k7a9
vulnerability_id VCID-rxxr-sseq-k7a9
summary The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-0129.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0129.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0156.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0156.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-0157.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0157.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2016-0158.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0158.html
8
reference_url https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
reference_id
reference_type
scores
url https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
9
reference_url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
10
reference_url http://www.debian.org/security/2015/dsa-3404
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3404
11
reference_url http://www.securityfocus.com/bid/77750
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/77750
12
reference_url http://www.securitytracker.com/id/1034237
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1034237
13
reference_url http://www.ubuntu.com/usn/USN-2816-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2816-1
fixed_packages
0
url pkg:pypi/django@1.7.11
purl pkg:pypi/django@1.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.11
1
url pkg:pypi/django@1.8.7
purl pkg:pypi/django@1.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-qy2a-mvpz-q7eh
7
vulnerability VCID-rruq-9scz-vbg8
8
vulnerability VCID-upbz-vg19-rugv
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
11
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.7
2
url pkg:pypi/django@1.9rc2
purl pkg:pypi/django@1.9rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9rc2
aliases CVE-2015-8213, PYSEC-2015-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxxr-sseq-k7a9
22
url VCID-ta66-7qrm-sbhu
vulnerability_id VCID-ta66-7qrm-sbhu
summary The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
references
0
reference_url http://advisories.mageia.org/MGASA-2015-0026.html
reference_id
reference_type
scores
url http://advisories.mageia.org/MGASA-2015-0026.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
6
reference_url http://secunia.com/advisories/62285
reference_id
reference_type
scores
url http://secunia.com/advisories/62285
7
reference_url http://secunia.com/advisories/62309
reference_id
reference_type
scores
url http://secunia.com/advisories/62309
8
reference_url http://secunia.com/advisories/62718
reference_id
reference_type
scores
url http://secunia.com/advisories/62718
9
reference_url https://www.djangoproject.com/weblog/2015/jan/13/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/13/security/
10
reference_url http://ubuntu.com/usn/usn-2469-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2469-1
11
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
12
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
fixed_packages
0
url pkg:pypi/django@1.6.10
purl pkg:pypi/django@1.6.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-u6sd-648r-qbdb
10
vulnerability VCID-vacy-878s-3kfb
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.10
1
url pkg:pypi/django@1.7.3
purl pkg:pypi/django@1.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-u6sd-648r-qbdb
12
vulnerability VCID-vacy-878s-3kfb
13
vulnerability VCID-vdpf-jddk-syda
14
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.3
aliases CVE-2015-0221, PYSEC-2015-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ta66-7qrm-sbhu
23
url VCID-u4a7-uvcb-9kf8
vulnerability_id VCID-u4a7-uvcb-9kf8
summary The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/59782
reference_id
reference_type
scores
url http://secunia.com/advisories/59782
2
reference_url http://secunia.com/advisories/61276
reference_id
reference_type
scores
url http://secunia.com/advisories/61276
3
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
4
reference_url https://www.djangoproject.com/weblog/2014/aug/20/security/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/aug/20/security/
5
reference_url http://www.debian.org/security/2014/dsa-3010
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-3010
fixed_packages
0
url pkg:pypi/django@1.5.9
purl pkg:pypi/django@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vdpf-jddk-syda
15
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.9
1
url pkg:pypi/django@1.6.6
purl pkg:pypi/django@1.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-912q-3eks-4yfm
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-bahz-gfxv-e3b2
7
vulnerability VCID-dh12-js4b-h7fw
8
vulnerability VCID-jfya-694v-myar
9
vulnerability VCID-ksh8-pazn-dbca
10
vulnerability VCID-mccp-khb9-qkb7
11
vulnerability VCID-rxxr-sseq-k7a9
12
vulnerability VCID-ta66-7qrm-sbhu
13
vulnerability VCID-u6sd-648r-qbdb
14
vulnerability VCID-vacy-878s-3kfb
15
vulnerability VCID-vdpf-jddk-syda
16
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.6
aliases CVE-2014-0482, PYSEC-2014-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4a7-uvcb-9kf8
24
url VCID-u6sd-648r-qbdb
vulnerability_id VCID-u6sd-648r-qbdb
summary Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
references
0
reference_url https://code.djangoproject.com/ticket/24461
reference_id
reference_type
scores
url https://code.djangoproject.com/ticket/24461
1
reference_url https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
2
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
3
reference_url http://www.securityfocus.com/bid/73095
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/73095
fixed_packages
0
url pkg:pypi/django@1.7.6
purl pkg:pypi/django@1.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-vacy-878s-3kfb
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.6
1
url pkg:pypi/django@1.8b2
purl pkg:pypi/django@1.8b2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-vacy-878s-3kfb
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8b2
aliases CVE-2015-2241, PYSEC-2015-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6sd-648r-qbdb
25
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
4
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
6
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/9
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
9
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
10
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4598
11
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
12
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
26
url VCID-weqb-fxu4-17e7
vulnerability_id VCID-weqb-fxu4-17e7
summary The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-2038.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2038.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-2039.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2039.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-2040.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2040.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-2041.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2041.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-2042.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2042.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-2043.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2043.html
6
reference_url https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
7
reference_url http://www.debian.org/security/2016/dsa-3678
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3678
8
reference_url http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93182
9
reference_url http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036899
10
reference_url http://www.ubuntu.com/usn/USN-3089-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3089-1
fixed_packages
0
url pkg:pypi/django@1.8.15
purl pkg:pypi/django@1.8.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c58g-7jpv-t7hc
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15
1
url pkg:pypi/django@1.9.10
purl pkg:pypi/django@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-qy2a-mvpz-q7eh
3
vulnerability VCID-rruq-9scz-vbg8
4
vulnerability VCID-upbz-vg19-rugv
5
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10
aliases CVE-2016-7401, PYSEC-2016-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-weqb-fxu4-17e7
Fixing_vulnerabilities
0
url VCID-wfas-jszp-k7dz
vulnerability_id VCID-wfas-jszp-k7dz
summary Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.
references
0
reference_url http://seclists.org/oss-sec/2013/q3/369
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q3/369
1
reference_url http://seclists.org/oss-sec/2013/q3/411
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q3/411
2
reference_url http://secunia.com/advisories/54476
reference_id
reference_type
scores
url http://secunia.com/advisories/54476
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86438
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86438
4
reference_url https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78
reference_id
reference_type
scores
url https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78
5
reference_url https://github.com/django/django/commit/cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560
reference_id
reference_type
scores
url https://github.com/django/django/commit/cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560
6
reference_url https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued
7
reference_url http://www.securitytracker.com/id/1028915
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1028915
fixed_packages
0
url pkg:pypi/django@1.5.2
purl pkg:pypi/django@1.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-71t1-69yq-c7h6
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bqp-b6rw-mye7
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-g2z3-2h8p-c7ge
15
vulnerability VCID-jfya-694v-myar
16
vulnerability VCID-ksh8-pazn-dbca
17
vulnerability VCID-mccp-khb9-qkb7
18
vulnerability VCID-ps24-pjj4-uqd1
19
vulnerability VCID-r7tk-79xy-jkhj
20
vulnerability VCID-rq19-9v21-47dy
21
vulnerability VCID-rxxr-sseq-k7a9
22
vulnerability VCID-ta66-7qrm-sbhu
23
vulnerability VCID-u4a7-uvcb-9kf8
24
vulnerability VCID-u6sd-648r-qbdb
25
vulnerability VCID-vdpf-jddk-syda
26
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.2
aliases CVE-2013-4249, PYSEC-2013-19
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfas-jszp-k7dz
1
url VCID-x212-mskt-9bbw
vulnerability_id VCID-x212-mskt-9bbw
summary The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1521.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-1521.html
2
reference_url http://seclists.org/oss-sec/2013/q3/369
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q3/369
3
reference_url http://seclists.org/oss-sec/2013/q3/411
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q3/411
4
reference_url http://secunia.com/advisories/54476
reference_id
reference_type
scores
url http://secunia.com/advisories/54476
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86437
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86437
6
reference_url https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9b6e5810c1162b5f
reference_id
reference_type
scores
url https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9b6e5810c1162b5f
7
reference_url https://github.com/django/django/commit/ae3535169af804352517b7fea94a42a1c9c4b762
reference_id
reference_type
scores
url https://github.com/django/django/commit/ae3535169af804352517b7fea94a42a1c9c4b762
8
reference_url https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a
reference_id
reference_type
scores
url https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a
9
reference_url https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued
10
reference_url http://www.debian.org/security/2013/dsa-2740
reference_id
reference_type
scores
url http://www.debian.org/security/2013/dsa-2740
11
reference_url http://www.securityfocus.com/bid/61777
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/61777
12
reference_url http://www.securitytracker.com/id/1028915
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1028915
fixed_packages
0
url pkg:pypi/django@1.4.6
purl pkg:pypi/django@1.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-71t1-69yq-c7h6
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bqp-b6rw-mye7
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-g2z3-2h8p-c7ge
15
vulnerability VCID-jfya-694v-myar
16
vulnerability VCID-kq8u-td31-uqaa
17
vulnerability VCID-ksh8-pazn-dbca
18
vulnerability VCID-mccp-khb9-qkb7
19
vulnerability VCID-ps24-pjj4-uqd1
20
vulnerability VCID-r7tk-79xy-jkhj
21
vulnerability VCID-rq19-9v21-47dy
22
vulnerability VCID-rxxr-sseq-k7a9
23
vulnerability VCID-ta66-7qrm-sbhu
24
vulnerability VCID-th75-ys47-d3h8
25
vulnerability VCID-u4a7-uvcb-9kf8
26
vulnerability VCID-u6sd-648r-qbdb
27
vulnerability VCID-vdpf-jddk-syda
28
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.6
1
url pkg:pypi/django@1.5.2
purl pkg:pypi/django@1.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-3sg7-t77d-rkc6
2
vulnerability VCID-5vmb-d4xp-zfgy
3
vulnerability VCID-6wah-r8vr-5qc4
4
vulnerability VCID-71t1-69yq-c7h6
5
vulnerability VCID-7rz2-nqdn-hycc
6
vulnerability VCID-8gus-er59-1qak
7
vulnerability VCID-8v2c-7739-2ugp
8
vulnerability VCID-912q-3eks-4yfm
9
vulnerability VCID-9bqp-b6rw-mye7
10
vulnerability VCID-9mpt-zxaw-kkeg
11
vulnerability VCID-bahz-gfxv-e3b2
12
vulnerability VCID-dh12-js4b-h7fw
13
vulnerability VCID-ffsr-th58-p3ct
14
vulnerability VCID-g2z3-2h8p-c7ge
15
vulnerability VCID-jfya-694v-myar
16
vulnerability VCID-ksh8-pazn-dbca
17
vulnerability VCID-mccp-khb9-qkb7
18
vulnerability VCID-ps24-pjj4-uqd1
19
vulnerability VCID-r7tk-79xy-jkhj
20
vulnerability VCID-rq19-9v21-47dy
21
vulnerability VCID-rxxr-sseq-k7a9
22
vulnerability VCID-ta66-7qrm-sbhu
23
vulnerability VCID-u4a7-uvcb-9kf8
24
vulnerability VCID-u6sd-648r-qbdb
25
vulnerability VCID-vdpf-jddk-syda
26
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.2
aliases CVE-2013-6044, PYSEC-2013-21
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x212-mskt-9bbw
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.2