| 0 |
| url |
VCID-27qc-gba4-aqfd |
| vulnerability_id |
VCID-27qc-gba4-aqfd |
| summary |
Denial-of-service possibility in logout() view by filling session store
A session can be created when anonymously accessing the `django.contrib.auth.views.logout` view (provided it wasn't decorated with `django.contrib.auth.decorators.login_required` as done in the admin). This allows an attacker to easily create many new session records by sending repeated requests, potentially filling up the session store or causing other users' session records to be evicted. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.4 |
| purl |
pkg:pypi/django@1.8.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 2 |
| vulnerability |
VCID-697r-xhy8-efa5 |
|
| 3 |
| vulnerability |
VCID-6p2m-vyft-xfe8 |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 10 |
| vulnerability |
VCID-nh19-fbce-wbfu |
|
| 11 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 12 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 13 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 14 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 15 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.4 |
|
|
| aliases |
GMS-2015-21
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-27qc-gba4-aqfd |
|
| 1 |
| url |
VCID-2bh9-k4at-r7hz |
| vulnerability_id |
VCID-2bh9-k4at-r7hz |
| summary |
sql injection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://seclists.org/bugtraq/2020/Feb/30 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Feb/30 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4264-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4264-1 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.10 |
| purl |
pkg:pypi/django@2.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 6 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 7 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 11 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 14 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 15 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 18 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 19 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 20 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10 |
|
| 2 |
| url |
pkg:pypi/django@3.0.3 |
| purl |
pkg:pypi/django@3.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 1 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 4 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 5 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 6 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 9 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 10 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 11 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 12 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
| 13 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3 |
|
|
| aliases |
BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2bh9-k4at-r7hz |
|
| 2 |
| url |
VCID-5sxw-p38k-q7cp |
| vulnerability_id |
VCID-5sxw-p38k-q7cp |
| summary |
denial of service |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://usn.ubuntu.com/3591-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3591-1 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@1.11.11 |
| purl |
pkg:pypi/django@1.11.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 6 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 9 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 10 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 11 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 12 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 13 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 16 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 17 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 18 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 19 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 20 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 21 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 22 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11 |
|
| 2 |
| url |
pkg:pypi/django@2.0.3 |
| purl |
pkg:pypi/django@2.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 3 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 4 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 5 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 6 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 7 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 8 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 9 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3 |
|
|
| aliases |
CVE-2018-7537, GHSA-2f9x-5v75-3qv4, PYSEC-2018-6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5sxw-p38k-q7cp |
|
| 3 |
| url |
VCID-697r-xhy8-efa5 |
| vulnerability_id |
VCID-697r-xhy8-efa5 |
| summary |
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-1 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-2 |
|
| 23 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-3 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.10 |
| purl |
pkg:pypi/django@1.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 2 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 3 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 4 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 5 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 6 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 7 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 8 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 11 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 12 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10 |
|
| 1 |
| url |
pkg:pypi/django@1.9.3 |
| purl |
pkg:pypi/django@1.9.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 2 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 3 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 4 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 5 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 6 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 7 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 8 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 9 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 10 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3 |
|
|
| aliases |
CVE-2016-2513, GHSA-fp6p-5xvw-m74f, PYSEC-2016-16
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-697r-xhy8-efa5 |
|
| 4 |
| url |
VCID-6fef-e9tf-7kag |
| vulnerability_id |
VCID-6fef-e9tf-7kag |
| summary |
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
| reference_url |
http://www.ubuntu.com/usn/USN-2720-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2720-1 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.4 |
| purl |
pkg:pypi/django@1.8.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 2 |
| vulnerability |
VCID-697r-xhy8-efa5 |
|
| 3 |
| vulnerability |
VCID-6p2m-vyft-xfe8 |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 10 |
| vulnerability |
VCID-nh19-fbce-wbfu |
|
| 11 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 12 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 13 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 14 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 15 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.4 |
|
|
| aliases |
CVE-2015-5963, GHSA-pgxh-wfw4-jx2v, PYSEC-2015-22
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6fef-e9tf-7kag |
|
| 5 |
| url |
VCID-6p2m-vyft-xfe8 |
| vulnerability_id |
VCID-6p2m-vyft-xfe8 |
| summary |
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
http://www.securityfocus.com/bid/77750 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/77750 |
|
| 20 |
| reference_url |
http://www.securitytracker.com/id/1034237 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securitytracker.com/id/1034237 |
|
| 21 |
| reference_url |
http://www.ubuntu.com/usn/USN-2816-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2816-1 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.7 |
| purl |
pkg:pypi/django@1.8.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 2 |
| vulnerability |
VCID-697r-xhy8-efa5 |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 5 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 6 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 9 |
| vulnerability |
VCID-nh19-fbce-wbfu |
|
| 10 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 11 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 12 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 13 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 14 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.7 |
|
| 1 |
|
|
| aliases |
CVE-2015-8213, GHSA-6wcr-wcqm-3mfh, PYSEC-2015-11
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6p2m-vyft-xfe8 |
|
| 6 |
| url |
VCID-8nkf-1k3u-budg |
| vulnerability_id |
VCID-8nkf-1k3u-budg |
| summary |
validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.3 |
| purl |
pkg:pypi/django@1.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27qc-gba4-aqfd |
|
| 1 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 2 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 3 |
| vulnerability |
VCID-697r-xhy8-efa5 |
|
| 4 |
| vulnerability |
VCID-6fef-e9tf-7kag |
|
| 5 |
| vulnerability |
VCID-6p2m-vyft-xfe8 |
|
| 6 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 7 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 8 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 9 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 12 |
| vulnerability |
VCID-nh19-fbce-wbfu |
|
| 13 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 16 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 17 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3 |
|
|
| aliases |
CVE-2015-5145, GHSA-cqf7-ff9h-7967, PYSEC-2015-21
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8nkf-1k3u-budg |
|
| 7 |
| url |
VCID-arff-yjfe-auhp |
| vulnerability_id |
VCID-arff-yjfe-auhp |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 3 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 4 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 5 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 6 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 7 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 8 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 9 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 10 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 13 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 14 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 15 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 16 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 17 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 18 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 19 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 20 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 21 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
|
| aliases |
PYSEC-2019-86
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-arff-yjfe-auhp |
|
| 8 |
| url |
VCID-azdn-r9pz-pqd4 |
| vulnerability_id |
VCID-azdn-r9pz-pqd4 |
| summary |
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
http://www.ubuntu.com/usn/USN-2671-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2671-1 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.3 |
| purl |
pkg:pypi/django@1.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27qc-gba4-aqfd |
|
| 1 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 2 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 3 |
| vulnerability |
VCID-697r-xhy8-efa5 |
|
| 4 |
| vulnerability |
VCID-6fef-e9tf-7kag |
|
| 5 |
| vulnerability |
VCID-6p2m-vyft-xfe8 |
|
| 6 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 7 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 8 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 9 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 12 |
| vulnerability |
VCID-nh19-fbce-wbfu |
|
| 13 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 16 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 17 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3 |
|
|
| aliases |
CVE-2015-5143, GHSA-h582-2pch-3xv3, PYSEC-2015-20
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-azdn-r9pz-pqd4 |
|
| 9 |
| url |
VCID-cbg1-8tp8-7ube |
| vulnerability_id |
VCID-cbg1-8tp8-7ube |
| summary |
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://www.exploit-db.com/exploits/40129 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://www.exploit-db.com/exploits/40129 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
http://www.ubuntu.com/usn/USN-3039-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3039-1 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.14 |
| purl |
pkg:pypi/django@1.8.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 2 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 3 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 4 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 5 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 6 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 7 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 10 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 11 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14 |
|
| 1 |
| url |
pkg:pypi/django@1.9.8 |
| purl |
pkg:pypi/django@1.9.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 2 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 3 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 4 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 5 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 6 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 7 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 8 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 9 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8 |
|
| 2 |
|
|
| aliases |
CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cbg1-8tp8-7ube |
|
| 10 |
| url |
VCID-fkch-835a-4ffd |
| vulnerability_id |
VCID-fkch-835a-4ffd |
| summary |
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
| reference_url |
http://www.ubuntu.com/usn/USN-2671-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2671-1 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.3 |
| purl |
pkg:pypi/django@1.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27qc-gba4-aqfd |
|
| 1 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 2 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 3 |
| vulnerability |
VCID-697r-xhy8-efa5 |
|
| 4 |
| vulnerability |
VCID-6fef-e9tf-7kag |
|
| 5 |
| vulnerability |
VCID-6p2m-vyft-xfe8 |
|
| 6 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 7 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 8 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 9 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 12 |
| vulnerability |
VCID-nh19-fbce-wbfu |
|
| 13 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 16 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 17 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3 |
|
|
| aliases |
CVE-2015-5144, GHSA-q5qw-4364-5hhm, PYSEC-2015-10
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fkch-835a-4ffd |
|
| 11 |
| url |
VCID-fynq-usj6-rfd3 |
| vulnerability_id |
VCID-fynq-usj6-rfd3 |
| summary |
insufficient validation |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://seclists.org/bugtraq/2020/Jan/9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Jan/9 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4224-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4224-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 3 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 4 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 5 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 6 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 7 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 8 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 9 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 10 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 13 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 14 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 15 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 16 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 17 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 18 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 19 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 20 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 21 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
| 2 |
| url |
pkg:pypi/django@3.0.1 |
| purl |
pkg:pypi/django@3.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 5 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 6 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 7 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 10 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 11 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 12 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 13 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
| 14 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1 |
|
|
| aliases |
CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fynq-usj6-rfd3 |
|
| 12 |
| url |
VCID-hs1y-thzf-qqct |
| vulnerability_id |
VCID-hs1y-thzf-qqct |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
http://www.ubuntu.com/usn/USN-3115-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3115-1 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9013, GHSA-mv8g-fhh6-6267, PYSEC-2016-17
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hs1y-thzf-qqct |
|
| 13 |
| url |
VCID-hzcv-euwq-eqeg |
| vulnerability_id |
VCID-hzcv-euwq-eqeg |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 6 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 7 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 8 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 9 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 10 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 11 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 12 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 13 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 14 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 15 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 18 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 19 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
| 20 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hzcv-euwq-eqeg |
|
| 14 |
| url |
VCID-j1jc-m7e2-5yck |
| vulnerability_id |
VCID-j1jc-m7e2-5yck |
| summary |
denial of service |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-r28v-mw67-m5p9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-r28v-mw67-m5p9 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://usn.ubuntu.com/3591-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3591-1 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@1.11.11 |
| purl |
pkg:pypi/django@1.11.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 6 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 9 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 10 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 11 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 12 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 13 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 16 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 17 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 18 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 19 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 20 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 21 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 22 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11 |
|
| 2 |
| url |
pkg:pypi/django@2.0.3 |
| purl |
pkg:pypi/django@2.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 3 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 4 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 5 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 6 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 7 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 8 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 9 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3 |
|
|
| aliases |
CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j1jc-m7e2-5yck |
|
| 15 |
| url |
VCID-nh19-fbce-wbfu |
| vulnerability_id |
VCID-nh19-fbce-wbfu |
| summary |
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-1 |
|
| 22 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-2 |
|
| 23 |
| reference_url |
http://www.ubuntu.com/usn/USN-2915-3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2915-3 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.10 |
| purl |
pkg:pypi/django@1.8.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 2 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 3 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 4 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 5 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 6 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 7 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 8 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 11 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 12 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10 |
|
| 1 |
| url |
pkg:pypi/django@1.9.3 |
| purl |
pkg:pypi/django@1.9.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 2 |
| vulnerability |
VCID-cbg1-8tp8-7ube |
|
| 3 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 4 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 5 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 6 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 7 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 8 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 9 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
| 10 |
| vulnerability |
VCID-zuca-q98m-w7bk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3 |
|
|
| aliases |
CVE-2016-2512, GHSA-pw27-w7w4-9qc7, PYSEC-2016-15
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nh19-fbce-wbfu |
|
| 16 |
| url |
VCID-ptk1-k7b2-gkdm |
| vulnerability_id |
VCID-ptk1-k7b2-gkdm |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/advisories/GHSA-37hp-765x-j95x |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-37hp-765x-j95x |
|
| 10 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7233, GHSA-37hp-765x-j95x, PYSEC-2017-9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ptk1-k7b2-gkdm |
|
| 17 |
|
| 18 |
| url |
VCID-s4vz-wfcp-aygd |
| vulnerability_id |
VCID-s4vz-wfcp-aygd |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
http://www.ubuntu.com/usn/USN-3115-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3115-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9014, GHSA-3f2c-jm6v-cr35, PYSEC-2016-18
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s4vz-wfcp-aygd |
|
| 19 |
| url |
VCID-yb2r-r8gy-3yhe |
| vulnerability_id |
VCID-yb2r-r8gy-3yhe |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/advisories/GHSA-h4hv-m4h4-mhwg |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-h4hv-m4h4-mhwg |
|
| 3 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-7234, GHSA-h4hv-m4h4-mhwg, PYSEC-2017-10
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yb2r-r8gy-3yhe |
|
| 20 |
| url |
VCID-zuca-q98m-w7bk |
| vulnerability_id |
VCID-zuca-q98m-w7bk |
| summary |
cross-site request forgery |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://www.ubuntu.com/usn/USN-3089-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-3089-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.8.15 |
| purl |
pkg:pypi/django@1.8.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 2 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 3 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 4 |
| vulnerability |
VCID-hs1y-thzf-qqct |
|
| 5 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 6 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 7 |
| vulnerability |
VCID-ptk1-k7b2-gkdm |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-s4vz-wfcp-aygd |
|
| 10 |
| vulnerability |
VCID-yb2r-r8gy-3yhe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15 |
|
| 1 |
|
|
| aliases |
CVE-2016-7401, GHSA-crhm-qpjc-cm64, PYSEC-2016-3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zuca-q98m-w7bk |
|