Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@1.7.7

Type pypi

Namespace

Name django

Version 1.7.7

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.11.19

Latest_non_vulnerable_version 6.0.5

Affected_by_vulnerabilities

url VCID-3kza-a88p-kfg7

vulnerability_id VCID-3kza-a88p-kfg7

summary Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

references

reference_url	http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1594.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1594.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1595.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1595.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1596.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1596.html

reference_url	http://seclists.org/fulldisclosure/2016/Jul/53
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2016/Jul/53

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1

reference_url	https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158

reference_url	https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/

reference_url	https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded

reference_url	https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url	https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058

reference_url	https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url	https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338

reference_url	https://www.djangoproject.com/weblog/2016/jul/18/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/jul/18/security-releases

reference_url	https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/jul/18/security-releases/

reference_url	https://www.exploit-db.com/exploits/40129
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/40129

reference_url	https://www.exploit-db.com/exploits/40129/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/40129/

reference_url	http://www.debian.org/security/2016/dsa-3622
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3622

reference_url	http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/538947/100/0/threaded

reference_url	http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/92058

reference_url	http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036338

reference_url	http://www.ubuntu.com/usn/USN-3039-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3039-1

reference_url	http://www.vulnerability-lab.com/get_content.php?id=1869
reference_id
reference_type
scores
url	http://www.vulnerability-lab.com/get_content.php?id=1869

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-6186
reference_id	CVE-2016-6186
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-6186

reference_url	https://github.com/advisories/GHSA-c8c8-9472-w52h
reference_id	GHSA-c8c8-9472-w52h
reference_type
scores
url	https://github.com/advisories/GHSA-c8c8-9472-w52h

fixed_packages

url pkg:pypi/django@1.8.14

purl pkg:pypi/django@1.8.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14

url pkg:pypi/django@1.9.8

purl pkg:pypi/django@1.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8

url pkg:pypi/django@1.10rc1

purl pkg:pypi/django@1.10rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1

aliases CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kza-a88p-kfg7

url VCID-6wah-r8vr-5qc4

vulnerability_id VCID-6wah-r8vr-5qc4

summary The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0502.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0504.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0505.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0506.html

reference_url	https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
reference_id
reference_type
scores
url	https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab

reference_url	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

reference_url	http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3544

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.securityfocus.com/bid/83878
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/83878

reference_url	http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035152

reference_url	http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-1

reference_url	http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-2

reference_url	http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-3

fixed_packages

url pkg:pypi/django@1.8.10

purl pkg:pypi/django@1.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10

url pkg:pypi/django@1.9.3

purl pkg:pypi/django@1.9.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3

aliases CVE-2016-2513, PYSEC-2016-16

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wah-r8vr-5qc4

url VCID-8gus-er59-1qak

vulnerability_id VCID-8gus-er59-1qak

summary multiple issues

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/

reference_url	https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/nov/01/security-releases/

reference_url	http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3835

reference_url	http://www.securityfocus.com/bid/94068
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94068

reference_url	http://www.securitytracker.com/id/1037159
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037159

reference_url	http://www.ubuntu.com/usn/USN-3115-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3115-1

reference_url	https://security.archlinux.org/ASA-201611-15
reference_id	ASA-201611-15
reference_type
scores
url	https://security.archlinux.org/ASA-201611-15

reference_url

https://security.archlinux.org/AVG-57

reference_id

AVG-57

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-57

fixed_packages

url pkg:pypi/django@1.8.16

purl pkg:pypi/django@1.8.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16

url pkg:pypi/django@1.9.11

purl pkg:pypi/django@1.9.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11

url pkg:pypi/django@1.10.3

purl pkg:pypi/django@1.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-hpj4-a9fa-4bca

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3

aliases CVE-2016-9014, PYSEC-2016-18

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gus-er59-1qak

url VCID-9mpt-zxaw-kkeg

vulnerability_id VCID-9mpt-zxaw-kkeg

summary multiple issues

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

https://security.archlinux.org/AVG-2026

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2026

fixed_packages

url pkg:pypi/django@2.2.24

purl pkg:pypi/django@2.2.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24

url pkg:pypi/django@3.1.12

purl pkg:pypi/django@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-n9vn-4uxr-hkau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12

url pkg:pypi/django@3.2.4

purl pkg:pypi/django@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4

aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg

url VCID-jfya-694v-myar

vulnerability_id VCID-jfya-694v-myar

summary The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1678.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1678.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1686.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1686.html

reference_url	https://github.com/advisories/GHSA-h582-2pch-3xv3
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-h582-2pch-3xv3

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
reference_id
reference_type
scores
url	https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663

reference_url	https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9

reference_url	https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
reference_id
reference_type
scores
url	https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml

reference_url	https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201510-06

reference_url	https://www.djangoproject.com/weblog/2015/jul/08/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/jul/08/security-releases

reference_url	https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/jul/08/security-releases/

reference_url	http://www.debian.org/security/2015/dsa-3305
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3305

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url	http://www.securityfocus.com/bid/75666
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/75666

reference_url	http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1032820

reference_url	http://www.ubuntu.com/usn/USN-2671-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2671-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-5143
reference_id	CVE-2015-5143
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-5143

fixed_packages

url pkg:pypi/django@1.7.9

purl pkg:pypi/django@1.7.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-kq8u-td31-uqaa

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-th75-ys47-d3h8

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9

url pkg:pypi/django@1.8.3

purl pkg:pypi/django@1.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-kq8u-td31-uqaa

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3

aliases CVE-2015-5143, GHSA-h582-2pch-3xv3, PYSEC-2015-20

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfya-694v-myar

url VCID-kq8u-td31-uqaa

vulnerability_id VCID-kq8u-td31-uqaa

summary contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1766.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1766.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1767.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1767.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1894.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1894.html

reference_url	https://access.redhat.com/errata/RHSA-2015:1876
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1876

reference_url	https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/aug/18/security-releases/

reference_url	http://www.debian.org/security/2015/dsa-3338
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3338

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url	http://www.securityfocus.com/bid/76428
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/76428

reference_url	http://www.securitytracker.com/id/1033318
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1033318

reference_url	http://www.ubuntu.com/usn/USN-2720-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2720-1

fixed_packages

url pkg:pypi/django@1.7.10

purl pkg:pypi/django@1.7.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.10

url pkg:pypi/django@1.8.4

purl pkg:pypi/django@1.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.4

aliases CVE-2015-5963, PYSEC-2015-22

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kq8u-td31-uqaa

url VCID-ksh8-pazn-dbca

vulnerability_id VCID-ksh8-pazn-dbca

summary The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0502.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0504.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0505.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0506.html

reference_url	https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0

reference_url	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

reference_url	http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3544

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.securityfocus.com/bid/83879
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/83879

reference_url	http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035152

reference_url	http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-1

reference_url	http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-2

reference_url	http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-3

fixed_packages

url pkg:pypi/django@1.8.10

purl pkg:pypi/django@1.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10

url pkg:pypi/django@1.9.3

purl pkg:pypi/django@1.9.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3

aliases CVE-2016-2512, PYSEC-2016-15

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksh8-pazn-dbca

url VCID-mccp-khb9-qkb7

vulnerability_id VCID-mccp-khb9-qkb7

summary Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html

reference_url	https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201510-06

reference_url	https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/jul/08/security-releases/

reference_url	http://www.debian.org/security/2015/dsa-3305
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3305

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url	http://www.securityfocus.com/bid/75665
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/75665

reference_url	http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1032820

reference_url	http://www.ubuntu.com/usn/USN-2671-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2671-1

fixed_packages

url pkg:pypi/django@1.7.9

purl pkg:pypi/django@1.7.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-kq8u-td31-uqaa

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-th75-ys47-d3h8

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.9

url pkg:pypi/django@1.8.3

purl pkg:pypi/django@1.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-kq8u-td31-uqaa

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3

aliases CVE-2015-5144, PYSEC-2015-10

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mccp-khb9-qkb7

url VCID-rxxr-sseq-k7a9

vulnerability_id VCID-rxxr-sseq-k7a9

summary The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0129.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0129.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0156.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0156.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0157.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0157.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0158.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0158.html

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
reference_id
reference_type
scores
url	https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4

reference_url	https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
reference_id
reference_type
scores
url	https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da

reference_url	https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
reference_id
reference_type
scores
url	https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172

reference_url	https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml

reference_url	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued

reference_url	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/

reference_url	http://www.debian.org/security/2015/dsa-3404
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3404

reference_url	http://www.securityfocus.com/bid/77750
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/77750

reference_url	http://www.securitytracker.com/id/1034237
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034237

reference_url	http://www.ubuntu.com/usn/USN-2816-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2816-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-8213
reference_id	CVE-2015-8213
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-8213

reference_url	https://github.com/advisories/GHSA-6wcr-wcqm-3mfh
reference_id	GHSA-6wcr-wcqm-3mfh
reference_type
scores
url	https://github.com/advisories/GHSA-6wcr-wcqm-3mfh

fixed_packages

url pkg:pypi/django@1.7.11

purl pkg:pypi/django@1.7.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.11

url pkg:pypi/django@1.8.7

purl pkg:pypi/django@1.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.7

url pkg:pypi/django@1.9rc2

purl pkg:pypi/django@1.9rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9rc2

aliases CVE-2015-8213, GHSA-6wcr-wcqm-3mfh, PYSEC-2015-11

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxxr-sseq-k7a9

url VCID-th75-ys47-d3h8

vulnerability_id VCID-th75-ys47-d3h8

summary The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1766.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1766.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1767.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1767.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-1894.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-1894.html

reference_url	https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/aug/18/security-releases/

reference_url	http://www.debian.org/security/2015/dsa-3338
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3338

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url	http://www.securityfocus.com/bid/76440
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/76440

reference_url	http://www.securitytracker.com/id/1033318
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1033318

reference_url	http://www.ubuntu.com/usn/USN-2720-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2720-1

fixed_packages

url pkg:pypi/django@1.7.10

purl pkg:pypi/django@1.7.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.10

aliases CVE-2015-5964, PYSEC-2015-23

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th75-ys47-d3h8

url VCID-vdpf-jddk-syda

vulnerability_id VCID-vdpf-jddk-syda

summary insufficient validation

references

reference_url	http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-vfq6-hq5r-27r6

reference_url	https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/

reference_url	https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2020/Jan/9

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200110-0003/

reference_url	https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4224-1/

reference_url	https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4598

reference_url	https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/dec/18/security-releases/

reference_url

https://security.archlinux.org/AVG-1080

reference_id

AVG-1080

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1080

fixed_packages

url pkg:pypi/django@1.11.27

purl pkg:pypi/django@1.11.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-m4wa-xv9b-q7ce

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27

url pkg:pypi/django@2.2.9

purl pkg:pypi/django@2.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9

aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda

url VCID-weqb-fxu4-17e7

vulnerability_id VCID-weqb-fxu4-17e7

summary The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2038.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2038.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2039.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2039.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2040.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2040.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2041.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2041.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2042.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2042.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2043.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2043.html

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a

reference_url	https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735

reference_url	https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml

reference_url	https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url	https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182

reference_url	https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url	https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899

reference_url	https://www.djangoproject.com/weblog/2016/sep/26/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/sep/26/security-releases

reference_url	https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/sep/26/security-releases/

reference_url	http://www.debian.org/security/2016/dsa-3678
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3678

reference_url	http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93182

reference_url	http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036899

reference_url	http://www.ubuntu.com/usn/USN-3089-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3089-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-7401
reference_id	CVE-2016-7401
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-7401

reference_url	https://github.com/advisories/GHSA-crhm-qpjc-cm64
reference_id	GHSA-crhm-qpjc-cm64
reference_type
scores
url	https://github.com/advisories/GHSA-crhm-qpjc-cm64

fixed_packages

url pkg:pypi/django@1.8.15

purl pkg:pypi/django@1.8.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15

url pkg:pypi/django@1.9.10

purl pkg:pypi/django@1.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10

aliases CVE-2016-7401, GHSA-crhm-qpjc-cm64, PYSEC-2016-3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-weqb-fxu4-17e7

Fixing_vulnerabilities

url VCID-bahz-gfxv-e3b2

vulnerability_id VCID-bahz-gfxv-e3b2

summary The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b

reference_url	https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1

reference_url	https://github.com/django/django/commit/5510f070711540aaa8d3707776cd77494e688ef9
reference_id
reference_type
scores
url	https://github.com/django/django/commit/5510f070711540aaa8d3707776cd77494e688ef9

reference_url	https://github.com/django/django/commit/770427c2896a078925abfca2317486b284d22f04
reference_id
reference_type
scores
url	https://github.com/django/django/commit/770427c2896a078925abfca2317486b284d22f04

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-9.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-9.yaml

reference_url	https://web.archive.org/web/20200228131706/http://www.securityfocus.com/bid/73319
reference_id
reference_type
scores
url	https://web.archive.org/web/20200228131706/http://www.securityfocus.com/bid/73319

reference_url	https://www.djangoproject.com/weblog/2015/mar/18/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/mar/18/security-releases

reference_url	https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/mar/18/security-releases/

reference_url	http://ubuntu.com/usn/usn-2539-1
reference_id
reference_type
scores
url	http://ubuntu.com/usn/usn-2539-1

reference_url	http://www.debian.org/security/2015/dsa-3204
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3204

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2015:195
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2015:195

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

reference_url	http://www.securityfocus.com/bid/73319
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/73319

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-2317
reference_id	CVE-2015-2317
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-2317

reference_url	https://github.com/advisories/GHSA-7fq8-4pv5-5w5c
reference_id	GHSA-7fq8-4pv5-5w5c
reference_type
scores
url	https://github.com/advisories/GHSA-7fq8-4pv5-5w5c

fixed_packages

url pkg:pypi/django@1.4.20

purl pkg:pypi/django@1.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-jfya-694v-myar

vulnerability	VCID-kq8u-td31-uqaa

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-mccp-khb9-qkb7

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-th75-ys47-d3h8

vulnerability	VCID-u6sd-648r-qbdb

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.20

url pkg:pypi/django@1.6.11

purl pkg:pypi/django@1.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-jfya-694v-myar

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-mccp-khb9-qkb7

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-u6sd-648r-qbdb

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.11

url pkg:pypi/django@1.7.7

purl pkg:pypi/django@1.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-jfya-694v-myar

vulnerability	VCID-kq8u-td31-uqaa

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-mccp-khb9-qkb7

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-th75-ys47-d3h8

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7

url pkg:pypi/django@1.8rc1

purl pkg:pypi/django@1.8rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8rc1

aliases CVE-2015-2317, GHSA-7fq8-4pv5-5w5c, PYSEC-2015-9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bahz-gfxv-e3b2

url VCID-vacy-878s-3kfb

vulnerability_id VCID-vacy-878s-3kfb

summary The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/5447709a571cd5d95971f1d5d21d4a7edcf85bbd
reference_id
reference_type
scores
url	https://github.com/django/django/commit/5447709a571cd5d95971f1d5d21d4a7edcf85bbd

reference_url	https://github.com/django/django/commit/b6b3cb9899214a23ebb0f4ebf0e0b300b0ee524f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/b6b3cb9899214a23ebb0f4ebf0e0b300b0ee524f

reference_url	https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97
reference_id
reference_type
scores
url	https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-18.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-18.yaml

reference_url	https://web.archive.org/web/20200229033201/http://www.securityfocus.com/bid/73322
reference_id
reference_type
scores
url	https://web.archive.org/web/20200229033201/http://www.securityfocus.com/bid/73322

reference_url	https://www.djangoproject.com/weblog/2015/mar/18/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/mar/18/security-releases

reference_url	https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/mar/18/security-releases/

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

reference_url	http://www.securityfocus.com/bid/73322
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/73322

reference_url	http://www.ubuntu.com/usn/USN-2539-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2539-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-2316
reference_id	CVE-2015-2316
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-2316

reference_url	https://github.com/advisories/GHSA-j3j3-jrfh-cm2w
reference_id	GHSA-j3j3-jrfh-cm2w
reference_type
scores
url	https://github.com/advisories/GHSA-j3j3-jrfh-cm2w

fixed_packages

url pkg:pypi/django@1.6.11

purl pkg:pypi/django@1.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-jfya-694v-myar

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-mccp-khb9-qkb7

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-u6sd-648r-qbdb

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.11

url pkg:pypi/django@1.7.7

purl pkg:pypi/django@1.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-jfya-694v-myar

vulnerability	VCID-kq8u-td31-uqaa

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-mccp-khb9-qkb7

vulnerability	VCID-rxxr-sseq-k7a9

vulnerability	VCID-th75-ys47-d3h8

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7

url pkg:pypi/django@1.8rc1

purl pkg:pypi/django@1.8rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8rc1

aliases CVE-2015-2316, GHSA-j3j3-jrfh-cm2w, PYSEC-2015-18

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vacy-878s-3kfb

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.7

Package Instance