Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@1.7.6
Type pypi
Namespace
Name django
Version 1.7.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.11.19
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
0
url VCID-3kza-a88p-kfg7
vulnerability_id VCID-3kza-a88p-kfg7
summary Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
references
0
reference_url http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1594.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1594.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1595.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1595.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1596.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1596.html
4
reference_url http://seclists.org/fulldisclosure/2016/Jul/53
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2016/Jul/53
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
reference_id
reference_type
scores
url https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
7
reference_url https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
reference_id
reference_type
scores
url https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
8
reference_url https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
reference_id
reference_type
scores
url https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
14
reference_url https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
15
reference_url https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
16
reference_url https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
17
reference_url https://www.djangoproject.com/weblog/2016/jul/18/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/jul/18/security-releases
18
reference_url https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
19
reference_url https://www.exploit-db.com/exploits/40129
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/40129
20
reference_url https://www.exploit-db.com/exploits/40129/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/40129/
21
reference_url http://www.debian.org/security/2016/dsa-3622
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3622
22
reference_url http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/538947/100/0/threaded
23
reference_url http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92058
24
reference_url http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036338
25
reference_url http://www.ubuntu.com/usn/USN-3039-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3039-1
26
reference_url http://www.vulnerability-lab.com/get_content.php?id=1869
reference_id
reference_type
scores
url http://www.vulnerability-lab.com/get_content.php?id=1869
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6186
reference_id CVE-2016-6186
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-6186
28
reference_url https://github.com/advisories/GHSA-c8c8-9472-w52h
reference_id GHSA-c8c8-9472-w52h
reference_type
scores
url https://github.com/advisories/GHSA-c8c8-9472-w52h
fixed_packages
0
url pkg:pypi/django@1.8.14
purl pkg:pypi/django@1.8.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c58g-7jpv-t7hc
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
8
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14
1
url pkg:pypi/django@1.9.8
purl pkg:pypi/django@1.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-qy2a-mvpz-q7eh
3
vulnerability VCID-rruq-9scz-vbg8
4
vulnerability VCID-upbz-vg19-rugv
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8
2
url pkg:pypi/django@1.10rc1
purl pkg:pypi/django@1.10rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1
aliases CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kza-a88p-kfg7
1
url VCID-6wah-r8vr-5qc4
vulnerability_id VCID-6wah-r8vr-5qc4
summary The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0502.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0504.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0505.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0506.html
4
reference_url https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
reference_id
reference_type
scores
url https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
5
reference_url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
6
reference_url http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3544
7
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
8
reference_url http://www.securityfocus.com/bid/83878
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/83878
9
reference_url http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035152
10
reference_url http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-1
11
reference_url http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-2
12
reference_url http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-3
fixed_packages
0
url pkg:pypi/django@1.8.10
purl pkg:pypi/django@1.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c58g-7jpv-t7hc
4
vulnerability VCID-qy2a-mvpz-q7eh
5
vulnerability VCID-rruq-9scz-vbg8
6
vulnerability VCID-upbz-vg19-rugv
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
9
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10
1
url pkg:pypi/django@1.9.3
purl pkg:pypi/django@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3
aliases CVE-2016-2513, PYSEC-2016-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wah-r8vr-5qc4
2
url VCID-8gus-er59-1qak
vulnerability_id VCID-8gus-er59-1qak
summary multiple issues
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
6
reference_url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
7
reference_url http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3835
8
reference_url http://www.securityfocus.com/bid/94068
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94068
9
reference_url http://www.securitytracker.com/id/1037159
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1037159
10
reference_url http://www.ubuntu.com/usn/USN-3115-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3115-1
11
reference_url https://security.archlinux.org/ASA-201611-15
reference_id ASA-201611-15
reference_type
scores
url https://security.archlinux.org/ASA-201611-15
12
reference_url https://security.archlinux.org/AVG-57
reference_id AVG-57
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-57
fixed_packages
0
url pkg:pypi/django@1.8.16
purl pkg:pypi/django@1.8.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-c58g-7jpv-t7hc
2
vulnerability VCID-rruq-9scz-vbg8
3
vulnerability VCID-upbz-vg19-rugv
4
vulnerability VCID-vdpf-jddk-syda
5
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16
1
url pkg:pypi/django@1.9.11
purl pkg:pypi/django@1.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-rruq-9scz-vbg8
2
vulnerability VCID-upbz-vg19-rugv
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11
2
url pkg:pypi/django@1.10.3
purl pkg:pypi/django@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-hpj4-a9fa-4bca
2
vulnerability VCID-rruq-9scz-vbg8
3
vulnerability VCID-upbz-vg19-rugv
4
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3
aliases CVE-2016-9014, PYSEC-2016-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gus-er59-1qak
3
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
4
url VCID-bahz-gfxv-e3b2
vulnerability_id VCID-bahz-gfxv-e3b2
summary The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b
reference_id
reference_type
scores
url https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b
6
reference_url https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1
reference_id
reference_type
scores
url https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1
7
reference_url https://github.com/django/django/commit/5510f070711540aaa8d3707776cd77494e688ef9
reference_id
reference_type
scores
url https://github.com/django/django/commit/5510f070711540aaa8d3707776cd77494e688ef9
8
reference_url https://github.com/django/django/commit/770427c2896a078925abfca2317486b284d22f04
reference_id
reference_type
scores
url https://github.com/django/django/commit/770427c2896a078925abfca2317486b284d22f04
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-9.yaml
10
reference_url https://web.archive.org/web/20200228131706/http://www.securityfocus.com/bid/73319
reference_id
reference_type
scores
url https://web.archive.org/web/20200228131706/http://www.securityfocus.com/bid/73319
11
reference_url https://www.djangoproject.com/weblog/2015/mar/18/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/18/security-releases
12
reference_url https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
13
reference_url http://ubuntu.com/usn/usn-2539-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2539-1
14
reference_url http://www.debian.org/security/2015/dsa-3204
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3204
15
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:195
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:195
16
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
17
reference_url http://www.securityfocus.com/bid/73319
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/73319
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-2317
reference_id CVE-2015-2317
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-2317
19
reference_url https://github.com/advisories/GHSA-7fq8-4pv5-5w5c
reference_id GHSA-7fq8-4pv5-5w5c
reference_type
scores
url https://github.com/advisories/GHSA-7fq8-4pv5-5w5c
fixed_packages
0
url pkg:pypi/django@1.7.7
purl pkg:pypi/django@1.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-jfya-694v-myar
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-th75-ys47-d3h8
10
vulnerability VCID-vdpf-jddk-syda
11
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7
1
url pkg:pypi/django@1.8rc1
purl pkg:pypi/django@1.8rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8rc1
aliases CVE-2015-2317, GHSA-7fq8-4pv5-5w5c, PYSEC-2015-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bahz-gfxv-e3b2
5
url VCID-jfya-694v-myar
vulnerability_id VCID-jfya-694v-myar
summary The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-1678.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1678.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2015-1686.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1686.html
5
reference_url https://github.com/advisories/GHSA-h582-2pch-3xv3
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h582-2pch-3xv3
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
reference_id
reference_type
scores
url https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
8
reference_url https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
reference_id
reference_type
scores
url https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
9
reference_url https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
reference_id
reference_type
scores
url https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
11
reference_url https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201510-06
12
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases
13
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
14
reference_url http://www.debian.org/security/2015/dsa-3305
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3305
15
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
16
reference_url http://www.securityfocus.com/bid/75666
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75666
17
reference_url http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1032820
18
reference_url http://www.ubuntu.com/usn/USN-2671-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2671-1
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5143
reference_id CVE-2015-5143
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5143
fixed_packages
0
url pkg:pypi/django@1.7.9
purl pkg:pypi/django@1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-kq8u-td31-uqaa
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-rxxr-sseq-k7a9
7
vulnerability VCID-th75-ys47-d3h8
8
vulnerability VCID-vdpf-jddk-syda
9
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9
1
url pkg:pypi/django@1.8.3
purl pkg:pypi/django@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-qy2a-mvpz-q7eh
8
vulnerability VCID-rruq-9scz-vbg8
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-upbz-vg19-rugv
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
13
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3
aliases CVE-2015-5143, GHSA-h582-2pch-3xv3, PYSEC-2015-20
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfya-694v-myar
6
url VCID-kq8u-td31-uqaa
vulnerability_id VCID-kq8u-td31-uqaa
summary contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-1766.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1766.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2015-1767.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1767.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2015-1894.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1894.html
6
reference_url https://access.redhat.com/errata/RHSA-2015:1876
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1876
7
reference_url https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
8
reference_url http://www.debian.org/security/2015/dsa-3338
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3338
9
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
10
reference_url http://www.securityfocus.com/bid/76428
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/76428
11
reference_url http://www.securitytracker.com/id/1033318
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1033318
12
reference_url http://www.ubuntu.com/usn/USN-2720-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2720-1
fixed_packages
0
url pkg:pypi/django@1.7.10
purl pkg:pypi/django@1.7.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-rxxr-sseq-k7a9
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.10
1
url pkg:pypi/django@1.8.4
purl pkg:pypi/django@1.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-qy2a-mvpz-q7eh
7
vulnerability VCID-rruq-9scz-vbg8
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-upbz-vg19-rugv
10
vulnerability VCID-vdpf-jddk-syda
11
vulnerability VCID-weqb-fxu4-17e7
12
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.4
aliases CVE-2015-5963, PYSEC-2015-22
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kq8u-td31-uqaa
7
url VCID-ksh8-pazn-dbca
vulnerability_id VCID-ksh8-pazn-dbca
summary The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0502.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0504.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0505.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0506.html
4
reference_url https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
reference_id
reference_type
scores
url https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
5
reference_url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
6
reference_url http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3544
7
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
8
reference_url http://www.securityfocus.com/bid/83879
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/83879
9
reference_url http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035152
10
reference_url http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-1
11
reference_url http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-2
12
reference_url http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2915-3
fixed_packages
0
url pkg:pypi/django@1.8.10
purl pkg:pypi/django@1.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-c58g-7jpv-t7hc
4
vulnerability VCID-qy2a-mvpz-q7eh
5
vulnerability VCID-rruq-9scz-vbg8
6
vulnerability VCID-upbz-vg19-rugv
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
9
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10
1
url pkg:pypi/django@1.9.3
purl pkg:pypi/django@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-8gus-er59-1qak
2
vulnerability VCID-9mpt-zxaw-kkeg
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3
aliases CVE-2016-2512, PYSEC-2016-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksh8-pazn-dbca
8
url VCID-mccp-khb9-qkb7
vulnerability_id VCID-mccp-khb9-qkb7
summary Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
3
reference_url https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201510-06
4
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
5
reference_url http://www.debian.org/security/2015/dsa-3305
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3305
6
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
7
reference_url http://www.securityfocus.com/bid/75665
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75665
8
reference_url http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1032820
9
reference_url http://www.ubuntu.com/usn/USN-2671-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2671-1
fixed_packages
0
url pkg:pypi/django@1.7.9
purl pkg:pypi/django@1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-kq8u-td31-uqaa
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-rxxr-sseq-k7a9
7
vulnerability VCID-th75-ys47-d3h8
8
vulnerability VCID-vdpf-jddk-syda
9
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9
1
url pkg:pypi/django@1.8.3
purl pkg:pypi/django@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-qy2a-mvpz-q7eh
8
vulnerability VCID-rruq-9scz-vbg8
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-upbz-vg19-rugv
11
vulnerability VCID-vdpf-jddk-syda
12
vulnerability VCID-weqb-fxu4-17e7
13
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3
aliases CVE-2015-5144, PYSEC-2015-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mccp-khb9-qkb7
9
url VCID-rxxr-sseq-k7a9
vulnerability_id VCID-rxxr-sseq-k7a9
summary The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-0129.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0129.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-0156.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0156.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-0157.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0157.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2016-0158.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0158.html
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
reference_id
reference_type
scores
url https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
10
reference_url https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
reference_id
reference_type
scores
url https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
11
reference_url https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
reference_id
reference_type
scores
url https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
12
reference_url https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
reference_id
reference_type
scores
url https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
14
reference_url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
15
reference_url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
16
reference_url http://www.debian.org/security/2015/dsa-3404
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3404
17
reference_url http://www.securityfocus.com/bid/77750
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/77750
18
reference_url http://www.securitytracker.com/id/1034237
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1034237
19
reference_url http://www.ubuntu.com/usn/USN-2816-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2816-1
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8213
reference_id CVE-2015-8213
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-8213
21
reference_url https://github.com/advisories/GHSA-6wcr-wcqm-3mfh
reference_id GHSA-6wcr-wcqm-3mfh
reference_type
scores
url https://github.com/advisories/GHSA-6wcr-wcqm-3mfh
fixed_packages
0
url pkg:pypi/django@1.7.11
purl pkg:pypi/django@1.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.11
1
url pkg:pypi/django@1.8.7
purl pkg:pypi/django@1.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-c58g-7jpv-t7hc
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-qy2a-mvpz-q7eh
7
vulnerability VCID-rruq-9scz-vbg8
8
vulnerability VCID-upbz-vg19-rugv
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
11
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.7
2
url pkg:pypi/django@1.9rc2
purl pkg:pypi/django@1.9rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9rc2
aliases CVE-2015-8213, GHSA-6wcr-wcqm-3mfh, PYSEC-2015-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxxr-sseq-k7a9
10
url VCID-th75-ys47-d3h8
vulnerability_id VCID-th75-ys47-d3h8
summary The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-1766.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1766.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-1767.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1767.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-1894.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1894.html
4
reference_url https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
5
reference_url http://www.debian.org/security/2015/dsa-3338
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3338
6
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
7
reference_url http://www.securityfocus.com/bid/76440
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/76440
8
reference_url http://www.securitytracker.com/id/1033318
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1033318
9
reference_url http://www.ubuntu.com/usn/USN-2720-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2720-1
fixed_packages
0
url pkg:pypi/django@1.7.10
purl pkg:pypi/django@1.7.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-rxxr-sseq-k7a9
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.10
aliases CVE-2015-5964, PYSEC-2015-23
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th75-ys47-d3h8
11
url VCID-vacy-878s-3kfb
vulnerability_id VCID-vacy-878s-3kfb
summary The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/5447709a571cd5d95971f1d5d21d4a7edcf85bbd
reference_id
reference_type
scores
url https://github.com/django/django/commit/5447709a571cd5d95971f1d5d21d4a7edcf85bbd
4
reference_url https://github.com/django/django/commit/b6b3cb9899214a23ebb0f4ebf0e0b300b0ee524f
reference_id
reference_type
scores
url https://github.com/django/django/commit/b6b3cb9899214a23ebb0f4ebf0e0b300b0ee524f
5
reference_url https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97
reference_id
reference_type
scores
url https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-18.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-18.yaml
7
reference_url https://web.archive.org/web/20200229033201/http://www.securityfocus.com/bid/73322
reference_id
reference_type
scores
url https://web.archive.org/web/20200229033201/http://www.securityfocus.com/bid/73322
8
reference_url https://www.djangoproject.com/weblog/2015/mar/18/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/18/security-releases
9
reference_url https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
10
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
11
reference_url http://www.securityfocus.com/bid/73322
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/73322
12
reference_url http://www.ubuntu.com/usn/USN-2539-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2539-1
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-2316
reference_id CVE-2015-2316
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-2316
14
reference_url https://github.com/advisories/GHSA-j3j3-jrfh-cm2w
reference_id GHSA-j3j3-jrfh-cm2w
reference_type
scores
url https://github.com/advisories/GHSA-j3j3-jrfh-cm2w
fixed_packages
0
url pkg:pypi/django@1.7.7
purl pkg:pypi/django@1.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-jfya-694v-myar
5
vulnerability VCID-kq8u-td31-uqaa
6
vulnerability VCID-ksh8-pazn-dbca
7
vulnerability VCID-mccp-khb9-qkb7
8
vulnerability VCID-rxxr-sseq-k7a9
9
vulnerability VCID-th75-ys47-d3h8
10
vulnerability VCID-vdpf-jddk-syda
11
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7
1
url pkg:pypi/django@1.8rc1
purl pkg:pypi/django@1.8rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8rc1
aliases CVE-2015-2316, GHSA-j3j3-jrfh-cm2w, PYSEC-2015-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vacy-878s-3kfb
12
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
4
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
6
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/9
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
9
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
10
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4598
11
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
12
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
13
url VCID-weqb-fxu4-17e7
vulnerability_id VCID-weqb-fxu4-17e7
summary The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-2038.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2038.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-2039.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2039.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-2040.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2040.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-2041.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2041.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-2042.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2042.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-2043.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2043.html
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
reference_id
reference_type
scores
url https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
8
reference_url https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
reference_id
reference_type
scores
url https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
9
reference_url https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
reference_id
reference_type
scores
url https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
11
reference_url https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
12
reference_url https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
13
reference_url https://www.djangoproject.com/weblog/2016/sep/26/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/sep/26/security-releases
14
reference_url https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
15
reference_url http://www.debian.org/security/2016/dsa-3678
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3678
16
reference_url http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93182
17
reference_url http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036899
18
reference_url http://www.ubuntu.com/usn/USN-3089-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3089-1
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7401
reference_id CVE-2016-7401
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-7401
20
reference_url https://github.com/advisories/GHSA-crhm-qpjc-cm64
reference_id GHSA-crhm-qpjc-cm64
reference_type
scores
url https://github.com/advisories/GHSA-crhm-qpjc-cm64
fixed_packages
0
url pkg:pypi/django@1.8.15
purl pkg:pypi/django@1.8.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-c58g-7jpv-t7hc
3
vulnerability VCID-qy2a-mvpz-q7eh
4
vulnerability VCID-rruq-9scz-vbg8
5
vulnerability VCID-upbz-vg19-rugv
6
vulnerability VCID-vdpf-jddk-syda
7
vulnerability VCID-x61x-6b6k-h3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15
1
url pkg:pypi/django@1.9.10
purl pkg:pypi/django@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-qy2a-mvpz-q7eh
3
vulnerability VCID-rruq-9scz-vbg8
4
vulnerability VCID-upbz-vg19-rugv
5
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10
aliases CVE-2016-7401, GHSA-crhm-qpjc-cm64, PYSEC-2016-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-weqb-fxu4-17e7
Fixing_vulnerabilities
0
url VCID-u6sd-648r-qbdb
vulnerability_id VCID-u6sd-648r-qbdb
summary Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
references
0
reference_url https://code.djangoproject.com/ticket/24461
reference_id
reference_type
scores
url https://code.djangoproject.com/ticket/24461
1
reference_url https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
2
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
reference_id
reference_type
scores
url http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
3
reference_url http://www.securityfocus.com/bid/73095
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/73095
fixed_packages
0
url pkg:pypi/django@1.7.6
purl pkg:pypi/django@1.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-jfya-694v-myar
6
vulnerability VCID-kq8u-td31-uqaa
7
vulnerability VCID-ksh8-pazn-dbca
8
vulnerability VCID-mccp-khb9-qkb7
9
vulnerability VCID-rxxr-sseq-k7a9
10
vulnerability VCID-th75-ys47-d3h8
11
vulnerability VCID-vacy-878s-3kfb
12
vulnerability VCID-vdpf-jddk-syda
13
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.6
1
url pkg:pypi/django@1.8b2
purl pkg:pypi/django@1.8b2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-bahz-gfxv-e3b2
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-vacy-878s-3kfb
7
vulnerability VCID-vdpf-jddk-syda
8
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8b2
aliases CVE-2015-2241, PYSEC-2015-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6sd-648r-qbdb
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.6