Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@1.9.5
Typepypi
Namespace
Namedjango
Version1.9.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.11.19
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-3kza-a88p-kfg7
vulnerability_id VCID-3kza-a88p-kfg7
summary Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
references
0
reference_url http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1594.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1594.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1595.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1595.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1596.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1596.html
4
reference_url http://seclists.org/fulldisclosure/2016/Jul/53
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2016/Jul/53
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
reference_id
reference_type
scores
url https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
7
reference_url https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
reference_id
reference_type
scores
url https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
8
reference_url https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
reference_id
reference_type
scores
url https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
14
reference_url https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
15
reference_url https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
16
reference_url https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
17
reference_url https://www.djangoproject.com/weblog/2016/jul/18/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/jul/18/security-releases
18
reference_url https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
19
reference_url https://www.exploit-db.com/exploits/40129
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/40129
20
reference_url https://www.exploit-db.com/exploits/40129/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/40129/
21
reference_url http://www.debian.org/security/2016/dsa-3622
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3622
22
reference_url http://www.securityfocus.com/archive/1/538947/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/538947/100/0/threaded
23
reference_url http://www.securityfocus.com/bid/92058
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92058
24
reference_url http://www.securitytracker.com/id/1036338
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036338
25
reference_url http://www.ubuntu.com/usn/USN-3039-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3039-1
26
reference_url http://www.vulnerability-lab.com/get_content.php?id=1869
reference_id
reference_type
scores
url http://www.vulnerability-lab.com/get_content.php?id=1869
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6186
reference_id CVE-2016-6186
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-6186
28
reference_url https://github.com/advisories/GHSA-c8c8-9472-w52h
reference_id GHSA-c8c8-9472-w52h
reference_type
scores
url https://github.com/advisories/GHSA-c8c8-9472-w52h
fixed_packages
0
url pkg:pypi/django@1.9.8
purl pkg:pypi/django@1.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-qy2a-mvpz-q7eh
3
vulnerability VCID-rruq-9scz-vbg8
4
vulnerability VCID-upbz-vg19-rugv
5
vulnerability VCID-vdpf-jddk-syda
6
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8
1
url pkg:pypi/django@1.10rc1
purl pkg:pypi/django@1.10rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1
aliases CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kza-a88p-kfg7
1
url VCID-8gus-er59-1qak
vulnerability_id VCID-8gus-er59-1qak
summary multiple issues
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
6
reference_url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
7
reference_url http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3835
8
reference_url http://www.securityfocus.com/bid/94068
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94068
9
reference_url http://www.securitytracker.com/id/1037159
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1037159
10
reference_url http://www.ubuntu.com/usn/USN-3115-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3115-1
11
reference_url https://security.archlinux.org/ASA-201611-15
reference_id ASA-201611-15
reference_type
scores
url https://security.archlinux.org/ASA-201611-15
12
reference_url https://security.archlinux.org/AVG-57
reference_id AVG-57
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-57
fixed_packages
0
url pkg:pypi/django@1.9.11
purl pkg:pypi/django@1.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-rruq-9scz-vbg8
2
vulnerability VCID-upbz-vg19-rugv
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11
1
url pkg:pypi/django@1.10.3
purl pkg:pypi/django@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-hpj4-a9fa-4bca
2
vulnerability VCID-rruq-9scz-vbg8
3
vulnerability VCID-upbz-vg19-rugv
4
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3
aliases CVE-2016-9014, PYSEC-2016-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gus-er59-1qak
2
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
3
url VCID-qy2a-mvpz-q7eh
vulnerability_id VCID-qy2a-mvpz-q7eh
summary multiple issues
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
6
reference_url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
7
reference_url http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3835
8
reference_url http://www.securityfocus.com/bid/94069
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94069
9
reference_url http://www.securitytracker.com/id/1037159
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1037159
10
reference_url http://www.ubuntu.com/usn/USN-3115-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3115-1
11
reference_url https://security.archlinux.org/ASA-201611-15
reference_id ASA-201611-15
reference_type
scores
url https://security.archlinux.org/ASA-201611-15
12
reference_url https://security.archlinux.org/AVG-57
reference_id AVG-57
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-57
fixed_packages
0
url pkg:pypi/django@1.9.11
purl pkg:pypi/django@1.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-rruq-9scz-vbg8
2
vulnerability VCID-upbz-vg19-rugv
3
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11
1
url pkg:pypi/django@1.10.3
purl pkg:pypi/django@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-hpj4-a9fa-4bca
2
vulnerability VCID-rruq-9scz-vbg8
3
vulnerability VCID-upbz-vg19-rugv
4
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3
aliases CVE-2016-9013, PYSEC-2016-17
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy2a-mvpz-q7eh
4
url VCID-rruq-9scz-vbg8
vulnerability_id VCID-rruq-9scz-vbg8
summary Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1445
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1445
1
reference_url https://access.redhat.com/errata/RHSA-2017:1451
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1451
2
reference_url https://access.redhat.com/errata/RHSA-2017:1462
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1462
3
reference_url https://access.redhat.com/errata/RHSA-2017:1470
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1470
4
reference_url https://access.redhat.com/errata/RHSA-2017:1596
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1596
5
reference_url https://access.redhat.com/errata/RHSA-2017:3093
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:3093
6
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2927
7
reference_url https://github.com/advisories/GHSA-37hp-765x-j95x
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-37hp-765x-j95x
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
reference_id
reference_type
scores
url https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
10
reference_url https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
reference_id
reference_type
scores
url https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
11
reference_url https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
reference_id
reference_type
scores
url https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
13
reference_url https://www.djangoproject.com/weblog/2017/apr/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/apr/04/security-releases
14
reference_url https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
15
reference_url http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3835
16
reference_url http://www.securityfocus.com/bid/97406
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97406
17
reference_url http://www.securitytracker.com/id/1038177
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1038177
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7233
reference_id CVE-2017-7233
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7233
fixed_packages
0
url pkg:pypi/django@1.9.13
purl pkg:pypi/django@1.9.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.13
1
url pkg:pypi/django@1.10.7
purl pkg:pypi/django@1.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-hpj4-a9fa-4bca
2
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.7
aliases CVE-2017-7233, GHSA-37hp-765x-j95x, PYSEC-2017-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rruq-9scz-vbg8
5
url VCID-upbz-vg19-rugv
vulnerability_id VCID-upbz-vg19-rugv
summary A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
references
0
reference_url https://github.com/advisories/GHSA-h4hv-m4h4-mhwg
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-h4hv-m4h4-mhwg
1
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
2
reference_url https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037
reference_id
reference_type
scores
url https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037
3
reference_url https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29
reference_id
reference_type
scores
url https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29
4
reference_url https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4
reference_id
reference_type
scores
url https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml
6
reference_url https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177
reference_id
reference_type
scores
url https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177
7
reference_url https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401
reference_id
reference_type
scores
url https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401
8
reference_url https://www.djangoproject.com/weblog/2017/apr/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/apr/04/security-releases
9
reference_url https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
10
reference_url http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3835
11
reference_url http://www.securityfocus.com/bid/97401
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97401
12
reference_url http://www.securitytracker.com/id/1038177
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1038177
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7234
reference_id CVE-2017-7234
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7234
fixed_packages
0
url pkg:pypi/django@1.9.13
purl pkg:pypi/django@1.9.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.13
1
url pkg:pypi/django@1.10.7
purl pkg:pypi/django@1.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
1
vulnerability VCID-hpj4-a9fa-4bca
2
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.7
aliases CVE-2017-7234, GHSA-h4hv-m4h4-mhwg, PYSEC-2017-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upbz-vg19-rugv
6
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
4
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
6
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2020/Jan/9
7
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
8
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
9
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
10
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4598
11
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
12
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
fixed_packages
0
url pkg:pypi/django@1.11.27
purl pkg:pypi/django@1.11.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5q58-pzt4-8uey
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-m4wa-xv9b-q7ce
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27
1
url pkg:pypi/django@2.2.9
purl pkg:pypi/django@2.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
7
url VCID-weqb-fxu4-17e7
vulnerability_id VCID-weqb-fxu4-17e7
summary The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-2038.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2038.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-2039.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2039.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-2040.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2040.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-2041.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2041.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-2042.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2042.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-2043.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-2043.html
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
reference_id
reference_type
scores
url https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
8
reference_url https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
reference_id
reference_type
scores
url https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
9
reference_url https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
reference_id
reference_type
scores
url https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
11
reference_url https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
12
reference_url https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
13
reference_url https://www.djangoproject.com/weblog/2016/sep/26/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/sep/26/security-releases
14
reference_url https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
15
reference_url http://www.debian.org/security/2016/dsa-3678
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3678
16
reference_url http://www.securityfocus.com/bid/93182
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93182
17
reference_url http://www.securitytracker.com/id/1036899
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1036899
18
reference_url http://www.ubuntu.com/usn/USN-3089-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3089-1
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7401
reference_id CVE-2016-7401
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-7401
20
reference_url https://github.com/advisories/GHSA-crhm-qpjc-cm64
reference_id GHSA-crhm-qpjc-cm64
reference_type
scores
url https://github.com/advisories/GHSA-crhm-qpjc-cm64
fixed_packages
0
url pkg:pypi/django@1.9.10
purl pkg:pypi/django@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8gus-er59-1qak
1
vulnerability VCID-9mpt-zxaw-kkeg
2
vulnerability VCID-qy2a-mvpz-q7eh
3
vulnerability VCID-rruq-9scz-vbg8
4
vulnerability VCID-upbz-vg19-rugv
5
vulnerability VCID-vdpf-jddk-syda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10
aliases CVE-2016-7401, GHSA-crhm-qpjc-cm64, PYSEC-2016-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-weqb-fxu4-17e7
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.5