Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-y1ks-arp8-23hm

Summary Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.

Aliases

alias	CVE-2009-3695

alias	GHSA-p6m5-h7pp-v2x5

alias	PYSEC-2009-4

Fixed_packages

url	pkg:deb/debian/python-django@1.1.1-1?distro=trixie
purl	pkg:deb/debian/python-django@1.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.1.1-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-q4cv-2m7d-3qd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-q4cv-2m7d-3qd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-g22z-jue5-8udz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.14-2%3Fdistro=trixie

url pkg:pypi/django@1.0.4

purl pkg:pypi/django@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-3nx5-xhp1-6qaq

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.4

url pkg:pypi/django@1.1.1

purl pkg:pypi/django@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-h5pj-9gmh-tkcb

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-j2fb-pq89-uybu

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-vqne-j65s-s7gx

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1.1

Affected_packages

url pkg:pypi/django@1.0

purl pkg:pypi/django@1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-y1ks-arp8-23hm

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0

url pkg:pypi/django@1.0.1

purl pkg:pypi/django@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-3nx5-xhp1-6qaq

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y1ks-arp8-23hm

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.1

url pkg:pypi/django@1.0.2

purl pkg:pypi/django@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-3nx5-xhp1-6qaq

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y1ks-arp8-23hm

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.2

url pkg:pypi/django@1.0.3

purl pkg:pypi/django@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-3nx5-xhp1-6qaq

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y1ks-arp8-23hm

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.3

url pkg:pypi/django@1.1

purl pkg:pypi/django@1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-h5pj-9gmh-tkcb

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-j2fb-pq89-uybu

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-vqne-j65s-s7gx

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y1ks-arp8-23hm

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1

References

reference_url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457

reference_url

http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51

reference_url	http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/
reference_id
reference_type
scores
url	http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-3695

reference_id

reference_type

scores

value	0.06201
scoring_system	epss
scoring_elements	0.91008
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-3695

reference_url	http://secunia.com/advisories/36948
reference_id
reference_type
scores
url	http://secunia.com/advisories/36948

reference_url	http://secunia.com/advisories/36968
reference_id
reference_type
scores
url	http://secunia.com/advisories/36968

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/53727

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/53727

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a

reference_url

https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2009-4.yaml

reference_url

https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20091013093057/http://secunia.com/advisories/36968

reference_url

https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20091017070244/http://secunia.com/advisories/36948

reference_url

https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228171918/http://www.securityfocus.com/bid/36655

reference_url

http://www.debian.org/security/2009/dsa-1905

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2009/dsa-1905

reference_url

http://www.djangoproject.com/weblog/2009/oct/09/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.djangoproject.com/weblog/2009/oct/09/security

reference_url	http://www.djangoproject.com/weblog/2009/oct/09/security/
reference_id
reference_type
scores
url	http://www.djangoproject.com/weblog/2009/oct/09/security/

reference_url

http://www.openwall.com/lists/oss-security/2009/10/13/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/10/13/6

reference_url	http://www.securityfocus.com/bid/36655
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/36655

reference_url	http://www.vupen.com/english/advisories/2009/2871
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/2871

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
reference_id	550457
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-3695

reference_id

CVE-2009-3695

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-3695

reference_url

https://github.com/advisories/GHSA-p6m5-h7pp-v2x5

reference_id

GHSA-p6m5-h7pp-v2x5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p6m5-h7pp-v2x5

Weaknesses

cwe_id	1333
name	Inefficient Regular Expression Complexity
description	The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ks-arp8-23hm

Vulnerability Instance