Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-django@2:2.2.24-1?distro=trixie

Type deb

Namespace debian

Name python-django

Version 2:2.2.24-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2:2.2.25-1~deb11u1

Latest_non_vulnerable_version 3:4.2.30-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-c8s7-3g9m-d3cw

vulnerability_id VCID-c8s7-3g9m-d3cw

summary In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33571.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33571.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-33571

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.09724
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09841
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09857
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09741
published_at	2026-04-01T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09893
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09887
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09834
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09762
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09862
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09812
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-33571

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33571

reference_url

https://docs.djangoproject.com/en/3.2/releases/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/3.2/releases/security

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-p99v-5w3c-jqq9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-p99v-5w3c-jqq9

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e

reference_url

https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d

reference_url

https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml

reference_url

https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-33571

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-33571

reference_url

https://security.netapp.com/advisory/ntap-20210727-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210727-0004

reference_url

https://www.djangoproject.com/weblog/2021/jun/02/security-releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2021/jun/02/security-releases

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966253
reference_id	1966253
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966253

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394
reference_id	989394
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

https://security.archlinux.org/AVG-2026

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2026

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2021:3490
reference_id	RHSA-2021:3490
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3490

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

reference_url	https://access.redhat.com/errata/RHSA-2021:5070
reference_id	RHSA-2021:5070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5070

reference_url	https://usn.ubuntu.com/4975-1/
reference_id	USN-4975-1
reference_type
scores
url	https://usn.ubuntu.com/4975-1/

fixed_packages

url	pkg:deb/debian/python-django@2:2.2.24-1?distro=trixie
purl	pkg:deb/debian/python-django@2:2.2.24-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.24-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

aliases BIT-django-2021-33571, CVE-2021-33571, GHSA-p99v-5w3c-jqq9, PYSEC-2021-99

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8s7-3g9m-d3cw

url VCID-qm34-ec8s-tfd7

vulnerability_id VCID-qm34-ec8s-tfd7

summary Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-33203

reference_id

reference_type

scores

value	0.00327
scoring_system	epss
scoring_elements	0.55667
published_at	2026-04-16T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55629
published_at	2026-04-13T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55646
published_at	2026-04-12T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55666
published_at	2026-04-11T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55657
published_at	2026-04-09T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55489
published_at	2026-04-01T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55654
published_at	2026-04-08T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55603
published_at	2026-04-07T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.55625
published_at	2026-04-04T12:55:00Z

value	0.00327
scoring_system	epss
scoring_elements	0.556
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-33203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203

reference_url

https://docs.djangoproject.com/en/3.2/releases/security

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/3.2/releases/security

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-68w8-qjq3-2gfm

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-68w8-qjq3-2gfm

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90

reference_url

https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f

reference_url

https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-33203

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-33203

reference_url

https://security.netapp.com/advisory/ntap-20210727-0004

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210727-0004

reference_url

https://www.djangoproject.com/weblog/2021/jun/02/security-releases

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2021/jun/02/security-releases

reference_url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966251
reference_id	1966251
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966251

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394
reference_id	989394
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394

reference_url	https://security.archlinux.org/ASA-202106-41
reference_id	ASA-202106-41
reference_type
scores
url	https://security.archlinux.org/ASA-202106-41

reference_url

https://security.archlinux.org/AVG-2026

reference_id

AVG-2026

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2026

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2021:3490
reference_id	RHSA-2021:3490
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3490

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

reference_url	https://access.redhat.com/errata/RHSA-2021:5070
reference_id	RHSA-2021:5070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5070

reference_url	https://usn.ubuntu.com/4975-1/
reference_id	USN-4975-1
reference_type
scores
url	https://usn.ubuntu.com/4975-1/

reference_url	https://usn.ubuntu.com/4975-2/
reference_id	USN-4975-2
reference_type
scores
url	https://usn.ubuntu.com/4975-2/

fixed_packages

url	pkg:deb/debian/python-django@2:2.2.24-1?distro=trixie
purl	pkg:deb/debian/python-django@2:2.2.24-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.24-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

aliases BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qm34-ec8s-tfd7

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.24-1%3Fdistro=trixie

Package Instance