Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-django@3:4.2.16-1?distro=trixie

Type deb

Namespace debian

Name python-django

Version 3:4.2.16-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3:4.2.17-1

Latest_non_vulnerable_version 3:4.2.30-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-e2jd-yd4j-kqgt

vulnerability_id VCID-e2jd-yd4j-kqgt

summary

Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45231

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.4636
published_at	2026-04-21T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46415
published_at	2026-04-18T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46418
published_at	2026-04-16T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46361
published_at	2026-04-13T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.4635
published_at	2026-04-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46379
published_at	2026-04-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46355
published_at	2026-04-09T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46299
published_at	2026-04-07T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46331
published_at	2026-04-02T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46351
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca

reference_url

https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2

reference_url

https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199

reference_url

https://groups.google.com/forum/#%21forum/django-announce

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/

url

https://groups.google.com/forum/#%21forum/django-announce

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45231

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45231

reference_url

https://www.djangoproject.com/weblog/2024/sep/03/security-releases

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2024/sep/03/security-releases

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2314496
reference_id	2314496
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2314496

reference_url

https://github.com/advisories/GHSA-rrqc-c2jx-6jgv

reference_id

GHSA-rrqc-c2jx-6jgv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rrqc-c2jx-6jgv

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://usn.ubuntu.com/6987-1/
reference_id	USN-6987-1
reference_type
scores
url	https://usn.ubuntu.com/6987-1/

fixed_packages

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url	pkg:deb/debian/python-django@2:2.2.28-1~deb11u11?distro=trixie
purl	pkg:deb/debian/python-django@2:2.2.28-1~deb11u11?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u11%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:4.2.16-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.16-1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

aliases CVE-2024-45231, GHSA-rrqc-c2jx-6jgv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt

url VCID-mga4-an1w-qqf9

vulnerability_id VCID-mga4-an1w-qqf9

summary

Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45230

reference_id

reference_type

scores

value	0.02721
scoring_system	epss
scoring_elements	0.85948
published_at	2026-04-21T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.85957
published_at	2026-04-18T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.85953
published_at	2026-04-16T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.85935
published_at	2026-04-13T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.8594
published_at	2026-04-12T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.85942
published_at	2026-04-11T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.85928
published_at	2026-04-09T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.85918
published_at	2026-04-08T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.85896
published_at	2026-04-04T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.8588
published_at	2026-04-02T12:55:00Z

value	0.02721
scoring_system	epss
scoring_elements	0.85899
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45230

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45230

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://docs.djangoproject.com/en/dev/releases/security/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/

url

https://docs.djangoproject.com/en/dev/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397

reference_url

https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b

reference_url

https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml

reference_url

https://groups.google.com/forum/#%21forum/django-announce

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/

url

https://groups.google.com/forum/#%21forum/django-announce

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45230

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45230

reference_url

https://www.djangoproject.com/weblog/2024/sep/03/security-releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2024/sep/03/security-releases

reference_url

https://www.djangoproject.com/weblog/2024/sep/03/security-releases/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/

url

https://www.djangoproject.com/weblog/2024/sep/03/security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2314485
reference_id	2314485
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2314485

reference_url

https://github.com/advisories/GHSA-5hgc-2vfp-mqvc

reference_id

GHSA-5hgc-2vfp-mqvc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5hgc-2vfp-mqvc

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2024:8534
reference_id	RHSA-2024:8534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8534

reference_url	https://usn.ubuntu.com/6987-1/
reference_id	USN-6987-1
reference_type
scores
url	https://usn.ubuntu.com/6987-1/

fixed_packages

url	pkg:deb/debian/python-django@3:4.2.16-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.16-1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

aliases BIT-django-2024-45230, CVE-2024-45230, GHSA-5hgc-2vfp-mqvc, PYSEC-2024-102

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mga4-an1w-qqf9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.16-1%3Fdistro=trixie

Package Instance