{"url":"http://public2.vulnerablecode.io/api/packages/14730?format=json","purl":"pkg:pypi/django@1.11a1","type":"pypi","namespace":"","name":"django","version":"1.11a1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.11.19","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=json","vulnerability_id":"VCID-9mpt-zxaw-kkeg","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22501?format=json","purl":"pkg:pypi/django@2.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/22502?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35179?format=json","vulnerability_id":"VCID-c58g-7jpv-t7hc","summary":"An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0051","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0082","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0265","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0265"},{"reference_url":"https://github.com/advisories/GHSA-r28v-mw67-m5p9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r28v-mw67-m5p9"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2"},{"reference_url":"https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16"},{"reference_url":"https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html"},{"reference_url":"https://usn.ubuntu.com/3591-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3591-1"},{"reference_url":"https://usn.ubuntu.com/3591-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3591-1/"},{"reference_url":"https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361"},{"reference_url":"https://www.debian.org/security/2018/dsa-4161","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4161"},{"reference_url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/103361","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103361"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7536","reference_id":"CVE-2018-7536","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7536"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10736?format=json","purl":"pkg:pypi/django@1.11.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-kbab-v2gz-dfe6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11"},{"url":"http://public2.vulnerablecode.io/api/packages/10737?format=json","purl":"pkg:pypi/django@2.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-t952-ghnf-jkby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3"}],"aliases":["CVE-2018-7536","GHSA-r28v-mw67-m5p9","PYSEC-2018-5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c58g-7jpv-t7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35305?format=json","vulnerability_id":"VCID-f1br-hvnm-wfdg","summary":"In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-337x-4q8g-prc5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-337x-4q8g-prc5"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://usn.ubuntu.com/3851-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3851-1"},{"reference_url":"https://usn.ubuntu.com/3851-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3851-1/"},{"reference_url":"https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453"},{"reference_url":"https://www.debian.org/security/2019/dsa-4363","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4363"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/106453","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106453"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3498","reference_id":"CVE-2019-3498","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12705?format=json","purl":"pkg:pypi/django@1.11.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-kbab-v2gz-dfe6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18"},{"url":"http://public2.vulnerablecode.io/api/packages/12706?format=json","purl":"pkg:pypi/django@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-t952-ghnf-jkby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/12707?format=json","purl":"pkg:pypi/django@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-kbab-v2gz-dfe6"},{"vulnerability":"VCID-pgtx-cdua-kfb4"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5"}],"aliases":["CVE-2019-3498","GHSA-337x-4q8g-prc5","PYSEC-2019-17"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1br-hvnm-wfdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35103?format=json","vulnerability_id":"VCID-hpj4-a9fa-4bca","summary":"In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with \"DEBUG = True\" (which makes this page accessible) in your production settings.","references":[{"reference_url":"https://github.com/advisories/GHSA-9r8w-6x8c-6jr9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9r8w-6x8c-6jr9"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a"},{"reference_url":"https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml"},{"reference_url":"https://usn.ubuntu.com/3559-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1"},{"reference_url":"https://usn.ubuntu.com/3559-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1/"},{"reference_url":"https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264"},{"reference_url":"https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643"},{"reference_url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/100643","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100643"},{"reference_url":"http://www.securitytracker.com/id/1039264","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039264"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12794","reference_id":"CVE-2017-12794","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12794"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10261?format=json","purl":"pkg:pypi/django@1.11.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-kbab-v2gz-dfe6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-x61x-6b6k-h3bn"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.5"}],"aliases":["CVE-2017-12794","GHSA-9r8w-6x8c-6jr9","PYSEC-2017-44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpj4-a9fa-4bca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35364?format=json","vulnerability_id":"VCID-kbab-v2gz-dfe6","summary":"An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/1.11.21","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/1.11.21"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/1.11.21/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/1.11.21/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.1.9","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.1.9"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.1.9/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.1.9/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.2.2","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.2.2"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.2.2/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.2.2/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-7rp2-fm2h-wchj","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7rp2-fm2h-wchj"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62"},{"reference_url":"https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673"},{"reference_url":"https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://usn.ubuntu.com/4043-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1"},{"reference_url":"https://usn.ubuntu.com/4043-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/03/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/06/03/2"},{"reference_url":"http://www.securityfocus.com/bid/108559","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108559"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12308","reference_id":"CVE-2019-12308","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12308"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13469?format=json","purl":"pkg:pypi/django@1.11.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21"},{"url":"http://public2.vulnerablecode.io/api/packages/13468?format=json","purl":"pkg:pypi/django@2.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-pgtx-cdua-kfb4"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/13470?format=json","purl":"pkg:pypi/django@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-pgtx-cdua-kfb4"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-yreb-z7nz-jkbs"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2"}],"aliases":["CVE-2019-12308","GHSA-7rp2-fm2h-wchj","PYSEC-2019-79"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbab-v2gz-dfe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5990?format=json","vulnerability_id":"VCID-vdpf-jddk-syda","summary":"insufficient validation","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-1080","reference_id":"AVG-1080","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1080"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14736?format=json","purl":"pkg:pypi/django@1.11.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27"},{"url":"http://public2.vulnerablecode.io/api/packages/14737?format=json","purl":"pkg:pypi/django@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9"}],"aliases":["CVE-2019-19844","GHSA-vfq6-hq5r-27r6","PYSEC-2019-16"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11a1"}