{"url":"http://public2.vulnerablecode.io/api/packages/14981?format=json","purl":"pkg:pypi/django@2.2.10","type":"pypi","namespace":"","name":"django","version":"2.2.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.28","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35569?format=json","vulnerability_id":"VCID-4cp2-k4mn-8ffj","summary":"An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-2m34-jcjv-45xf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2m34-jcjv-45xf"},{"reference_url":"https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200611-0002/"},{"reference_url":"https://usn.ubuntu.com/4381-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-1/"},{"reference_url":"https://usn.ubuntu.com/4381-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-2/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16544?format=json","purl":"pkg:pypi/django@2.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/16545?format=json","purl":"pkg:pypi/django@3.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7"}],"aliases":["CVE-2020-13596","GHSA-2m34-jcjv-45xf","PYSEC-2020-32"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cp2-k4mn-8ffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3561?format=json","vulnerability_id":"VCID-51tx-4tp9-kbcz","summary":"","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-6cw3-g6wv-c2xv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6cw3-g6wv-c2xv"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a"},{"reference_url":"https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468"},{"reference_url":"https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220221-0003","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220221-0003"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-2808","reference_id":"AVG-2808","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2808"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23833","reference_id":"CVE-2022-23833","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23833"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26586?format=json","purl":"pkg:pypi/django@2.2.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27"},{"url":"http://public2.vulnerablecode.io/api/packages/26587?format=json","purl":"pkg:pypi/django@3.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/26588?format=json","purl":"pkg:pypi/django@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2"}],"aliases":["CVE-2022-23833","GHSA-6cw3-g6wv-c2xv","PYSEC-2022-20"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51tx-4tp9-kbcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35948?format=json","vulnerability_id":"VCID-6jpg-yrf8-cufy","summary":"An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-53qw-q765-4fww","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-53qw-q765-4fww"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277"},{"reference_url":"https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20"},{"reference_url":"https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45115","reference_id":"CVE-2021-45115","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45115"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26293?format=json","purl":"pkg:pypi/django@2.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26"},{"url":"http://public2.vulnerablecode.io/api/packages/26294?format=json","purl":"pkg:pypi/django@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/26295?format=json","purl":"pkg:pypi/django@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1"}],"aliases":["CVE-2021-45115","GHSA-53qw-q765-4fww","PYSEC-2022-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jpg-yrf8-cufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35947?format=json","vulnerability_id":"VCID-9end-mq19-rke5","summary":"Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-jrh2-hc4r-7jwx","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jrh2-hc4r-7jwx"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1"},{"reference_url":"https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b"},{"reference_url":"https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45452","reference_id":"CVE-2021-45452","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45452"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26293?format=json","purl":"pkg:pypi/django@2.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26"},{"url":"http://public2.vulnerablecode.io/api/packages/26294?format=json","purl":"pkg:pypi/django@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/26295?format=json","purl":"pkg:pypi/django@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1"}],"aliases":["CVE-2021-45452","GHSA-jrh2-hc4r-7jwx","PYSEC-2022-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9end-mq19-rke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=json","vulnerability_id":"VCID-9mpt-zxaw-kkeg","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22501?format=json","purl":"pkg:pypi/django@2.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/22502?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3562?format=json","vulnerability_id":"VCID-attf-6gj8-ebaj","summary":"","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-95rw-fx8r-36v6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-95rw-fx8r-36v6"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5"},{"reference_url":"https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2"},{"reference_url":"https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220221-0003","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220221-0003"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-2808","reference_id":"AVG-2808","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2808"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22818","reference_id":"CVE-2022-22818","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26586?format=json","purl":"pkg:pypi/django@2.2.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27"},{"url":"http://public2.vulnerablecode.io/api/packages/26587?format=json","purl":"pkg:pypi/django@3.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/26588?format=json","purl":"pkg:pypi/django@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2"}],"aliases":["CVE-2022-22818","GHSA-95rw-fx8r-36v6","PYSEC-2022-19"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-attf-6gj8-ebaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4991?format=json","vulnerability_id":"VCID-drwp-htkk-bkfh","summary":"sql injection","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-w24h-v9qh-8gxj","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w24h-v9qh-8gxj"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402"},{"reference_url":"https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5"},{"reference_url":"https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81"},{"reference_url":"https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/11/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/04/11/1"},{"reference_url":"https://security.archlinux.org/ASA-202204-9","reference_id":"ASA-202204-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-9"},{"reference_url":"https://security.archlinux.org/AVG-2667","reference_id":"AVG-2667","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28347","reference_id":"CVE-2022-28347","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28347"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27462?format=json","purl":"pkg:pypi/django@2.2.28","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.28"},{"url":"http://public2.vulnerablecode.io/api/packages/27461?format=json","purl":"pkg:pypi/django@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/27460?format=json","purl":"pkg:pypi/django@4.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4"}],"aliases":["CVE-2022-28347","GHSA-w24h-v9qh-8gxj","PYSEC-2022-191"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drwp-htkk-bkfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35768?format=json","vulnerability_id":"VCID-fhp8-tck4-mye4","summary":"In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.1/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-xgxc-v2qg-chmh","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xgxc-v2qg-chmh"},{"reference_url":"https://groups.google.com/g/django-announce/c/ePr5j-ngdPU","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce/c/ePr5j-ngdPU"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/apr/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/apr/06/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20556?format=json","purl":"pkg:pypi/django@2.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.20"},{"url":"http://public2.vulnerablecode.io/api/packages/20557?format=json","purl":"pkg:pypi/django@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/20558?format=json","purl":"pkg:pypi/django@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.8"}],"aliases":["CVE-2021-28658","GHSA-xgxc-v2qg-chmh","PYSEC-2021-6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhp8-tck4-mye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35946?format=json","vulnerability_id":"VCID-fksk-pr23-2yd8","summary":"An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-8c5j-9r9f-c6w8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8c5j-9r9f-c6w8"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489"},{"reference_url":"https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16"},{"reference_url":"https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45116","reference_id":"CVE-2021-45116","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45116"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26293?format=json","purl":"pkg:pypi/django@2.2.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26"},{"url":"http://public2.vulnerablecode.io/api/packages/26294?format=json","purl":"pkg:pypi/django@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/26295?format=json","purl":"pkg:pypi/django@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1"}],"aliases":["CVE-2021-45116","GHSA-8c5j-9r9f-c6w8","PYSEC-2022-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fksk-pr23-2yd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35612?format=json","vulnerability_id":"VCID-hh9b-52xn-z7a9","summary":"An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-fr28-569j-53c4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fr28-569j-53c4"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200918-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200918-0004/"},{"reference_url":"https://usn.ubuntu.com/4479-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4479-1/"},{"reference_url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/09/01/2","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2020/09/01/2"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18189?format=json","purl":"pkg:pypi/django@2.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/18190?format=json","purl":"pkg:pypi/django@3.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/18191?format=json","purl":"pkg:pypi/django@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1"}],"aliases":["CVE-2020-24584","GHSA-fr28-569j-53c4","PYSEC-2020-34"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hh9b-52xn-z7a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35788?format=json","vulnerability_id":"VCID-j81e-su1y-tqa6","summary":"In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-rxjp-mfm9-w4wr","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rxjp-mfm9-w4wr"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/04/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/04/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21663?format=json","purl":"pkg:pypi/django@2.2.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.21"},{"url":"http://public2.vulnerablecode.io/api/packages/21664?format=json","purl":"pkg:pypi/django@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/21665?format=json","purl":"pkg:pypi/django@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.1"}],"aliases":["CVE-2021-31542","GHSA-rxjp-mfm9-w4wr","PYSEC-2021-7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j81e-su1y-tqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35517?format=json","vulnerability_id":"VCID-m4wa-xv9b-q7ce","summary":"Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-3gh2-xw74-jmcw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gh2-xw74-jmcw"},{"reference_url":"https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0004/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://security.netapp.com/advisory/ntap-20200327-0004/"},{"reference_url":"https://usn.ubuntu.com/4296-1/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://usn.ubuntu.com/4296-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14989?format=json","purl":"pkg:pypi/django@2.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/14990?format=json","purl":"pkg:pypi/django@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4"}],"aliases":["CVE-2020-9402","GHSA-3gh2-xw74-jmcw","PYSEC-2020-345","PYSEC-2020-36"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4wa-xv9b-q7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35924?format=json","vulnerability_id":"VCID-n9vn-4uxr-hkau","summary":"In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-v6rh-hp5x-86rv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v6rh-hp5x-86rv"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211229-0006","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20211229-0006"},{"reference_url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/12/07/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2021/12/07/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44420","reference_id":"CVE-2021-44420","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44420"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25592?format=json","purl":"pkg:pypi/django@2.2.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.25"},{"url":"http://public2.vulnerablecode.io/api/packages/25593?format=json","purl":"pkg:pypi/django@3.1.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/25594?format=json","purl":"pkg:pypi/django@3.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10"}],"aliases":["CVE-2021-44420","GHSA-v6rh-hp5x-86rv","PYSEC-2021-439"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35570?format=json","vulnerability_id":"VCID-na9w-xkvx-cbhd","summary":"An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-wpjr-j57x-wxfw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wpjr-j57x-wxfw"},{"reference_url":"https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200611-0002/"},{"reference_url":"https://usn.ubuntu.com/4381-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-1/"},{"reference_url":"https://usn.ubuntu.com/4381-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-2/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16544?format=json","purl":"pkg:pypi/django@2.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/16545?format=json","purl":"pkg:pypi/django@3.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.7"}],"aliases":["CVE-2020-13254","GHSA-wpjr-j57x-wxfw","PYSEC-2020-31"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-na9w-xkvx-cbhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4992?format=json","vulnerability_id":"VCID-nss9-1yrb-x7f2","summary":"sql injection","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-2gwj-7jmv-h26r","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2gwj-7jmv-h26r"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48"},{"reference_url":"https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d"},{"reference_url":"https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60"},{"reference_url":"https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220609-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220609-0002"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/11/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/04/11/1"},{"reference_url":"https://security.archlinux.org/ASA-202204-9","reference_id":"ASA-202204-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-9"},{"reference_url":"https://security.archlinux.org/AVG-2667","reference_id":"AVG-2667","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28346","reference_id":"CVE-2022-28346","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27462?format=json","purl":"pkg:pypi/django@2.2.28","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.28"},{"url":"http://public2.vulnerablecode.io/api/packages/27461?format=json","purl":"pkg:pypi/django@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/27460?format=json","purl":"pkg:pypi/django@4.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4"}],"aliases":["CVE-2022-28346","GHSA-2gwj-7jmv-h26r","PYSEC-2022-190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nss9-1yrb-x7f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35716?format=json","vulnerability_id":"VCID-q8r2-m9s6-rbek","summary":"In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by \"startapp --template\" and \"startproject --template\") allows directory traversal via an archive with absolute paths or relative paths with dot segments.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.1/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-fvgf-6h6h-3322","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fvgf-6h6h-3322"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210226-0004/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19836?format=json","purl":"pkg:pypi/django@2.2.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.18"},{"url":"http://public2.vulnerablecode.io/api/packages/19837?format=json","purl":"pkg:pypi/django@3.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/19838?format=json","purl":"pkg:pypi/django@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.6"}],"aliases":["CVE-2021-3281","GHSA-fvgf-6h6h-3322","PYSEC-2021-9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8r2-m9s6-rbek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35613?format=json","vulnerability_id":"VCID-qvfs-2v1h-p3h4","summary":"An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-m6gj-h9gm-gw44","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m6gj-h9gm-gw44"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200918-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200918-0004/"},{"reference_url":"https://usn.ubuntu.com/4479-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4479-1/"},{"reference_url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/09/01/2","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2020/09/01/2"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18189?format=json","purl":"pkg:pypi/django@2.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/18190?format=json","purl":"pkg:pypi/django@3.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/18191?format=json","purl":"pkg:pypi/django@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.1"}],"aliases":["CVE-2020-24583","GHSA-m6gj-h9gm-gw44","PYSEC-2020-33"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvfs-2v1h-p3h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35789?format=json","vulnerability_id":"VCID-u9q1-63gf-7feh","summary":"In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-qm57-vhq3-3fwf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qm57-vhq3-3fwf"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/06/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/06/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21666?format=json","purl":"pkg:pypi/django@2.2.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.22"},{"url":"http://public2.vulnerablecode.io/api/packages/21667?format=json","purl":"pkg:pypi/django@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/21668?format=json","purl":"pkg:pypi/django@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.2"}],"aliases":["CVE-2021-32052","GHSA-qm57-vhq3-3fwf","PYSEC-2021-8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9q1-63gf-7feh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7346?format=json","vulnerability_id":"VCID-z4x1-e7tp-rqhz","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-p99v-5w3c-jqq9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p99v-5w3c-jqq9"},{"reference_url":"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22501?format=json","purl":"pkg:pypi/django@2.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/22502?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33571","GHSA-p99v-5w3c-jqq9","PYSEC-2021-99"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4x1-e7tp-rqhz"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35504?format=json","vulnerability_id":"VCID-5q58-pzt4-8uey","summary":"Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-hmr4-m2h5-33qx","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hmr4-m2h5-33qx"},{"reference_url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://seclists.org/bugtraq/2020/Feb/30","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2020/Feb/30"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200221-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200221-0006/"},{"reference_url":"https://usn.ubuntu.com/4264-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4264-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4629","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4629"},{"reference_url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/02/03/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2020/02/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/02/03/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/02/03/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14980?format=json","purl":"pkg:pypi/django@1.11.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.28"},{"url":"http://public2.vulnerablecode.io/api/packages/14981?format=json","purl":"pkg:pypi/django@2.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10"},{"url":"http://public2.vulnerablecode.io/api/packages/14982?format=json","purl":"pkg:pypi/django@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3"}],"aliases":["CVE-2020-7471","GHSA-hmr4-m2h5-33qx","PYSEC-2020-35"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q58-pzt4-8uey"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10"}