Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@1.8.6

Type pypi

Namespace

Name django

Version 1.8.6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.11.19

Latest_non_vulnerable_version 6.0.5

Affected_by_vulnerabilities

url VCID-3kza-a88p-kfg7

vulnerability_id VCID-3kza-a88p-kfg7

summary Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

references

reference_url	http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1594.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1594.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1595.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1595.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1596.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1596.html

reference_url	http://seclists.org/fulldisclosure/2016/Jul/53
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2016/Jul/53

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1

reference_url	https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158

reference_url	https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
reference_id
reference_type
scores
url	https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/

reference_url	https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url	https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded

reference_url	https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url	https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058

reference_url	https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url	https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338

reference_url	https://www.djangoproject.com/weblog/2016/jul/18/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/jul/18/security-releases

reference_url	https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/jul/18/security-releases/

reference_url	https://www.exploit-db.com/exploits/40129
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/40129

reference_url	https://www.exploit-db.com/exploits/40129/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/40129/

reference_url	http://www.debian.org/security/2016/dsa-3622
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3622

reference_url	http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/538947/100/0/threaded

reference_url	http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/92058

reference_url	http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036338

reference_url	http://www.ubuntu.com/usn/USN-3039-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3039-1

reference_url	http://www.vulnerability-lab.com/get_content.php?id=1869
reference_id
reference_type
scores
url	http://www.vulnerability-lab.com/get_content.php?id=1869

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-6186
reference_id	CVE-2016-6186
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-6186

reference_url	https://github.com/advisories/GHSA-c8c8-9472-w52h
reference_id	GHSA-c8c8-9472-w52h
reference_type
scores
url	https://github.com/advisories/GHSA-c8c8-9472-w52h

fixed_packages

url pkg:pypi/django@1.8.14

purl pkg:pypi/django@1.8.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14

url pkg:pypi/django@1.9.8

purl pkg:pypi/django@1.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8

url pkg:pypi/django@1.10rc1

purl pkg:pypi/django@1.10rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1

aliases CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kza-a88p-kfg7

url VCID-6wah-r8vr-5qc4

vulnerability_id VCID-6wah-r8vr-5qc4

summary The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0502.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0504.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0505.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0506.html

reference_url	https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
reference_id
reference_type
scores
url	https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab

reference_url	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

reference_url	http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3544

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.securityfocus.com/bid/83878
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/83878

reference_url	http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035152

reference_url	http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-1

reference_url	http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-2

reference_url	http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-3

fixed_packages

url pkg:pypi/django@1.8.10

purl pkg:pypi/django@1.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10

url pkg:pypi/django@1.9.3

purl pkg:pypi/django@1.9.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3

aliases CVE-2016-2513, PYSEC-2016-16

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wah-r8vr-5qc4

url VCID-8gus-er59-1qak

vulnerability_id VCID-8gus-er59-1qak

summary multiple issues

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/

reference_url	https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/nov/01/security-releases/

reference_url	http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3835

reference_url	http://www.securityfocus.com/bid/94068
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94068

reference_url	http://www.securitytracker.com/id/1037159
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037159

reference_url	http://www.ubuntu.com/usn/USN-3115-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3115-1

reference_url	https://security.archlinux.org/ASA-201611-15
reference_id	ASA-201611-15
reference_type
scores
url	https://security.archlinux.org/ASA-201611-15

reference_url

https://security.archlinux.org/AVG-57

reference_id

AVG-57

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-57

fixed_packages

url pkg:pypi/django@1.8.16

purl pkg:pypi/django@1.8.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16

url pkg:pypi/django@1.9.11

purl pkg:pypi/django@1.9.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11

url pkg:pypi/django@1.10.3

purl pkg:pypi/django@1.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-hpj4-a9fa-4bca

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3

aliases CVE-2016-9014, PYSEC-2016-18

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gus-er59-1qak

url VCID-9mpt-zxaw-kkeg

vulnerability_id VCID-9mpt-zxaw-kkeg

summary multiple issues

references

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-68w8-qjq3-2gfm

reference_url	https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!forum/django-announce

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

https://security.archlinux.org/AVG-2026

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2026

fixed_packages

url pkg:pypi/django@2.2.24

purl pkg:pypi/django@2.2.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24

url pkg:pypi/django@3.1.12

purl pkg:pypi/django@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-n9vn-4uxr-hkau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12

url pkg:pypi/django@3.2.4

purl pkg:pypi/django@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29qk-rv5n-efbm

vulnerability	VCID-2n2n-1fq2-7bbs

vulnerability	VCID-4pb2-tqru-uufs

vulnerability	VCID-4z4e-8ttu-tyd6

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-am3f-c5ex-8ff2

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-au8h-vj9k-pufv

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-f4a7-tcz5-byfj

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-fsaw-3ta1-x3dw

vulnerability	VCID-m1dr-sjmw-jfd2

vulnerability	VCID-m33h-4p9q-63fb

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-qgp1-4efd-6yg6

vulnerability	VCID-yuda-1mur-8bbq

vulnerability	VCID-z6tf-z1y9-cydq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4

aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg

url VCID-c58g-7jpv-t7hc

vulnerability_id VCID-c58g-7jpv-t7hc

summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2927

reference_url	https://access.redhat.com/errata/RHSA-2019:0051
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0051

reference_url	https://access.redhat.com/errata/RHSA-2019:0082
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0082

reference_url	https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0265

reference_url	https://github.com/advisories/GHSA-r28v-mw67-m5p9
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-r28v-mw67-m5p9

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
reference_id
reference_type
scores
url	https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2

reference_url	https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
reference_id
reference_type
scores
url	https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16

reference_url	https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
reference_id
reference_type
scores
url	https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html

reference_url	https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3591-1

reference_url	https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3591-1/

reference_url	https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url	https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361

reference_url	https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4161

reference_url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases/

reference_url	http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103361

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-7536
reference_id	CVE-2018-7536
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-7536

fixed_packages

url pkg:pypi/django@1.8.19

purl pkg:pypi/django@1.8.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.19

url pkg:pypi/django@1.11.11

purl pkg:pypi/django@1.11.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-322v-ntsv-7uge

vulnerability	VCID-3mfy-uj9u-d7de

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c3m7-fu62-2qd9

vulnerability	VCID-f1br-hvnm-wfdg

vulnerability	VCID-g44a-m54u-97cr

vulnerability	VCID-gfar-wbzc-3ubr

vulnerability	VCID-kbab-v2gz-dfe6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-t952-ghnf-jkby

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-yreb-z7nz-jkbs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11

url pkg:pypi/django@2.0.3

purl pkg:pypi/django@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-322v-ntsv-7uge

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-f1br-hvnm-wfdg

vulnerability	VCID-t952-ghnf-jkby

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3

aliases CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c58g-7jpv-t7hc

url VCID-ksh8-pazn-dbca

vulnerability_id VCID-ksh8-pazn-dbca

summary The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0502.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0502.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0504.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0504.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0505.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0505.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0506.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0506.html

reference_url	https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
reference_id
reference_type
scores
url	https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0

reference_url	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

reference_url	http://www.debian.org/security/2016/dsa-3544
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3544

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.securityfocus.com/bid/83879
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/83879

reference_url	http://www.securitytracker.com/id/1035152
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035152

reference_url	http://www.ubuntu.com/usn/USN-2915-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-1

reference_url	http://www.ubuntu.com/usn/USN-2915-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-2

reference_url	http://www.ubuntu.com/usn/USN-2915-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2915-3

fixed_packages

url pkg:pypi/django@1.8.10

purl pkg:pypi/django@1.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10

url pkg:pypi/django@1.9.3

purl pkg:pypi/django@1.9.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3

aliases CVE-2016-2512, PYSEC-2016-15

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksh8-pazn-dbca

url VCID-qy2a-mvpz-q7eh

vulnerability_id VCID-qy2a-mvpz-q7eh

summary multiple issues

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/

reference_url	https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/nov/01/security-releases/

reference_url	http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3835

reference_url	http://www.securityfocus.com/bid/94069
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94069

reference_url	http://www.securitytracker.com/id/1037159
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037159

reference_url	http://www.ubuntu.com/usn/USN-3115-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3115-1

reference_url	https://security.archlinux.org/ASA-201611-15
reference_id	ASA-201611-15
reference_type
scores
url	https://security.archlinux.org/ASA-201611-15

reference_url

https://security.archlinux.org/AVG-57

reference_id

AVG-57

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-57

fixed_packages

url pkg:pypi/django@1.8.16

purl pkg:pypi/django@1.8.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16

url pkg:pypi/django@1.9.11

purl pkg:pypi/django@1.9.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11

url pkg:pypi/django@1.10.3

purl pkg:pypi/django@1.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-hpj4-a9fa-4bca

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3

aliases CVE-2016-9013, PYSEC-2016-17

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy2a-mvpz-q7eh

url VCID-rruq-9scz-vbg8

vulnerability_id VCID-rruq-9scz-vbg8

summary Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

references

reference_url	https://access.redhat.com/errata/RHSA-2017:1445
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1445

reference_url	https://access.redhat.com/errata/RHSA-2017:1451
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1451

reference_url	https://access.redhat.com/errata/RHSA-2017:1462
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1462

reference_url	https://access.redhat.com/errata/RHSA-2017:1470
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1470

reference_url	https://access.redhat.com/errata/RHSA-2017:1596
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1596

reference_url	https://access.redhat.com/errata/RHSA-2017:3093
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3093

reference_url	https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2927

reference_url	https://github.com/advisories/GHSA-37hp-765x-j95x
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-37hp-765x-j95x

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
reference_id
reference_type
scores
url	https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f

reference_url	https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
reference_id
reference_type
scores
url	https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66

reference_url	https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
reference_id
reference_type
scores
url	https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml

reference_url	https://www.djangoproject.com/weblog/2017/apr/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2017/apr/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2017/apr/04/security-releases/

reference_url	http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3835

reference_url	http://www.securityfocus.com/bid/97406
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97406

reference_url	http://www.securitytracker.com/id/1038177
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038177

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7233
reference_id	CVE-2017-7233
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7233

fixed_packages

url pkg:pypi/django@1.8.18

purl pkg:pypi/django@1.8.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.18

url pkg:pypi/django@1.9.13

purl pkg:pypi/django@1.9.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.13

url pkg:pypi/django@1.10.7

purl pkg:pypi/django@1.10.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-hpj4-a9fa-4bca

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.7

aliases CVE-2017-7233, GHSA-37hp-765x-j95x, PYSEC-2017-9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rruq-9scz-vbg8

url VCID-rxxr-sseq-k7a9

vulnerability_id VCID-rxxr-sseq-k7a9

summary The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0129.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0129.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0156.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0156.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0157.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0157.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0158.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0158.html

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
reference_id
reference_type
scores
url	https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4

reference_url	https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
reference_id
reference_type
scores
url	https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da

reference_url	https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
reference_id
reference_type
scores
url	https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172

reference_url	https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
reference_id
reference_type
scores
url	https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml

reference_url	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued

reference_url	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/

reference_url	http://www.debian.org/security/2015/dsa-3404
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3404

reference_url	http://www.securityfocus.com/bid/77750
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/77750

reference_url	http://www.securitytracker.com/id/1034237
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034237

reference_url	http://www.ubuntu.com/usn/USN-2816-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2816-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-8213
reference_id	CVE-2015-8213
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-8213

reference_url	https://github.com/advisories/GHSA-6wcr-wcqm-3mfh
reference_id	GHSA-6wcr-wcqm-3mfh
reference_type
scores
url	https://github.com/advisories/GHSA-6wcr-wcqm-3mfh

fixed_packages

url pkg:pypi/django@1.8.7

purl pkg:pypi/django@1.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kza-a88p-kfg7

vulnerability	VCID-6wah-r8vr-5qc4

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-ksh8-pazn-dbca

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-weqb-fxu4-17e7

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.7

url pkg:pypi/django@1.9rc2

purl pkg:pypi/django@1.9rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9rc2

aliases CVE-2015-8213, GHSA-6wcr-wcqm-3mfh, PYSEC-2015-11

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxxr-sseq-k7a9

url VCID-upbz-vg19-rugv

vulnerability_id VCID-upbz-vg19-rugv

summary A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.

references

reference_url	https://github.com/advisories/GHSA-h4hv-m4h4-mhwg
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-h4hv-m4h4-mhwg

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037
reference_id
reference_type
scores
url	https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037

reference_url	https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29
reference_id
reference_type
scores
url	https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29

reference_url	https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4
reference_id
reference_type
scores
url	https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml

reference_url	https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177
reference_id
reference_type
scores
url	https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177

reference_url	https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401
reference_id
reference_type
scores
url	https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401

reference_url	https://www.djangoproject.com/weblog/2017/apr/04/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2017/apr/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2017/apr/04/security-releases/

reference_url	http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3835

reference_url	http://www.securityfocus.com/bid/97401
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97401

reference_url	http://www.securitytracker.com/id/1038177
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038177

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7234
reference_id	CVE-2017-7234
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7234

fixed_packages

url pkg:pypi/django@1.8.18

purl pkg:pypi/django@1.8.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.18

url pkg:pypi/django@1.9.13

purl pkg:pypi/django@1.9.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.13

url pkg:pypi/django@1.10.7

purl pkg:pypi/django@1.10.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-hpj4-a9fa-4bca

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.7

aliases CVE-2017-7234, GHSA-h4hv-m4h4-mhwg, PYSEC-2017-10

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upbz-vg19-rugv

url VCID-vdpf-jddk-syda

vulnerability_id VCID-vdpf-jddk-syda

summary insufficient validation

references

reference_url	http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844

reference_url	https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/dev/releases/security/

reference_url	https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-vfq6-hq5r-27r6

reference_url	https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/

reference_url	https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2020/Jan/9

reference_url	https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202004-17

reference_url	https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200110-0003/

reference_url	https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4224-1/

reference_url	https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4598

reference_url	https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2019/dec/18/security-releases/

reference_url

https://security.archlinux.org/AVG-1080

reference_id

AVG-1080

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1080

fixed_packages

url pkg:pypi/django@1.11.27

purl pkg:pypi/django@1.11.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-m4wa-xv9b-q7ce

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27

url pkg:pypi/django@2.2.9

purl pkg:pypi/django@2.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cp2-k4mn-8ffj

vulnerability	VCID-51tx-4tp9-kbcz

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-6jpg-yrf8-cufy

vulnerability	VCID-9end-mq19-rke5

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-attf-6gj8-ebaj

vulnerability	VCID-drwp-htkk-bkfh

vulnerability	VCID-fhp8-tck4-mye4

vulnerability	VCID-fksk-pr23-2yd8

vulnerability	VCID-hh9b-52xn-z7a9

vulnerability	VCID-j81e-su1y-tqa6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-n9vn-4uxr-hkau

vulnerability	VCID-na9w-xkvx-cbhd

vulnerability	VCID-nss9-1yrb-x7f2

vulnerability	VCID-q8r2-m9s6-rbek

vulnerability	VCID-qvfs-2v1h-p3h4

vulnerability	VCID-u9q1-63gf-7feh

vulnerability	VCID-z4x1-e7tp-rqhz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9

aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda

url VCID-weqb-fxu4-17e7

vulnerability_id VCID-weqb-fxu4-17e7

summary The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2038.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2038.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2039.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2039.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2040.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2040.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2041.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2041.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2042.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2042.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2043.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2043.html

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a

reference_url	https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
reference_id
reference_type
scores
url	https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735

reference_url	https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml

reference_url	https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url	https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182

reference_url	https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url	https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899

reference_url	https://www.djangoproject.com/weblog/2016/sep/26/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/sep/26/security-releases

reference_url	https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2016/sep/26/security-releases/

reference_url	http://www.debian.org/security/2016/dsa-3678
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3678

reference_url	http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93182

reference_url	http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036899

reference_url	http://www.ubuntu.com/usn/USN-3089-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3089-1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-7401
reference_id	CVE-2016-7401
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-7401

reference_url	https://github.com/advisories/GHSA-crhm-qpjc-cm64
reference_id	GHSA-crhm-qpjc-cm64
reference_type
scores
url	https://github.com/advisories/GHSA-crhm-qpjc-cm64

fixed_packages

url pkg:pypi/django@1.8.15

purl pkg:pypi/django@1.8.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c58g-7jpv-t7hc

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-x61x-6b6k-h3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15

url pkg:pypi/django@1.9.10

purl pkg:pypi/django@1.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gus-er59-1qak

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-qy2a-mvpz-q7eh

vulnerability	VCID-rruq-9scz-vbg8

vulnerability	VCID-upbz-vg19-rugv

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10

aliases CVE-2016-7401, GHSA-crhm-qpjc-cm64, PYSEC-2016-3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-weqb-fxu4-17e7

url VCID-x61x-6b6k-h3bn

vulnerability_id VCID-x61x-6b6k-h3bn

summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2927

reference_url	https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0265

reference_url	https://github.com/advisories/GHSA-2f9x-5v75-3qv4
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-2f9x-5v75-3qv4

reference_url	https://github.com/django/django
reference_id
reference_type
scores
url	https://github.com/django/django

reference_url	https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c
reference_id
reference_type
scores
url	https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c

reference_url	https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
reference_id
reference_type
scores
url	https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539

reference_url	https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa
reference_id
reference_type
scores
url	https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html

reference_url	https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3591-1

reference_url	https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3591-1/

reference_url	https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4161

reference_url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2018/mar/06/security-releases/

reference_url	http://www.securityfocus.com/bid/103357
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103357

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-7537
reference_id	CVE-2018-7537
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-7537

fixed_packages

url pkg:pypi/django@1.8.19

purl pkg:pypi/django@1.8.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-vdpf-jddk-syda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.19

url pkg:pypi/django@1.11.11

purl pkg:pypi/django@1.11.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-322v-ntsv-7uge

vulnerability	VCID-3mfy-uj9u-d7de

vulnerability	VCID-5q58-pzt4-8uey

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-c3m7-fu62-2qd9

vulnerability	VCID-f1br-hvnm-wfdg

vulnerability	VCID-g44a-m54u-97cr

vulnerability	VCID-gfar-wbzc-3ubr

vulnerability	VCID-kbab-v2gz-dfe6

vulnerability	VCID-m4wa-xv9b-q7ce

vulnerability	VCID-t952-ghnf-jkby

vulnerability	VCID-vdpf-jddk-syda

vulnerability	VCID-yreb-z7nz-jkbs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11

url pkg:pypi/django@2.0.3

purl pkg:pypi/django@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-322v-ntsv-7uge

vulnerability	VCID-9mpt-zxaw-kkeg

vulnerability	VCID-f1br-hvnm-wfdg

vulnerability	VCID-t952-ghnf-jkby

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3

aliases CVE-2018-7537, GHSA-2f9x-5v75-3qv4, PYSEC-2018-6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x61x-6b6k-h3bn

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.6

Package Instance