{"url":"http://public2.vulnerablecode.io/api/packages/19834?format=json","purl":"pkg:pypi/django@3.1.4","type":"pypi","namespace":"","name":"django","version":"3.1.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.14","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5407?format=json","vulnerability_id":"VCID-4pb2-tqru-uufs","summary":"insufficient validation","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-xpfp-f569-q3p2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xpfp-f569-q3p2"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9"},{"reference_url":"https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f"},{"reference_url":"https://github.com/django/django/commit/dae83a24519d6f284c74414e0b81d64d9b5a0db4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/dae83a24519d6f284c74414e0b81d64d9b5a0db4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-109.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-109.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0008","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0008"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jul/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jul/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jul/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jul/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/07/02/2","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2021/07/02/2"},{"reference_url":"https://security.archlinux.org/ASA-202107-11","reference_id":"ASA-202107-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-11"},{"reference_url":"https://security.archlinux.org/AVG-2123","reference_id":"AVG-2123","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2123"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35042","reference_id":"CVE-2021-35042","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35042"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22793?format=json","purl":"pkg:pypi/django@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/22794?format=json","purl":"pkg:pypi/django@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.5"}],"aliases":["CVE-2021-35042","GHSA-xpfp-f569-q3p2","PYSEC-2021-109"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4pb2-tqru-uufs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=json","vulnerability_id":"VCID-9mpt-zxaw-kkeg","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22502?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35768?format=json","vulnerability_id":"VCID-fhp8-tck4-mye4","summary":"In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.1/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-xgxc-v2qg-chmh","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xgxc-v2qg-chmh"},{"reference_url":"https://groups.google.com/g/django-announce/c/ePr5j-ngdPU","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce/c/ePr5j-ngdPU"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/apr/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/apr/06/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20558?format=json","purl":"pkg:pypi/django@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.8"}],"aliases":["CVE-2021-28658","GHSA-xgxc-v2qg-chmh","PYSEC-2021-6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhp8-tck4-mye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35788?format=json","vulnerability_id":"VCID-j81e-su1y-tqa6","summary":"In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-rxjp-mfm9-w4wr","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rxjp-mfm9-w4wr"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/04/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/04/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21664?format=json","purl":"pkg:pypi/django@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/21665?format=json","purl":"pkg:pypi/django@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.1"}],"aliases":["CVE-2021-31542","GHSA-rxjp-mfm9-w4wr","PYSEC-2021-7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j81e-su1y-tqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35924?format=json","vulnerability_id":"VCID-n9vn-4uxr-hkau","summary":"In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-v6rh-hp5x-86rv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v6rh-hp5x-86rv"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211229-0006","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20211229-0006"},{"reference_url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/12/07/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2021/12/07/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44420","reference_id":"CVE-2021-44420","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44420"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25593?format=json","purl":"pkg:pypi/django@3.1.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/25594?format=json","purl":"pkg:pypi/django@3.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10"}],"aliases":["CVE-2021-44420","GHSA-v6rh-hp5x-86rv","PYSEC-2021-439"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35716?format=json","vulnerability_id":"VCID-q8r2-m9s6-rbek","summary":"In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by \"startapp --template\" and \"startproject --template\") allows directory traversal via an archive with absolute paths or relative paths with dot segments.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.1/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-fvgf-6h6h-3322","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fvgf-6h6h-3322"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210226-0004/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19838?format=json","purl":"pkg:pypi/django@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.6"}],"aliases":["CVE-2021-3281","GHSA-fvgf-6h6h-3322","PYSEC-2021-9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8r2-m9s6-rbek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35789?format=json","vulnerability_id":"VCID-u9q1-63gf-7feh","summary":"In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-qm57-vhq3-3fwf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qm57-vhq3-3fwf"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/06/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/06/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21667?format=json","purl":"pkg:pypi/django@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/21668?format=json","purl":"pkg:pypi/django@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.2"}],"aliases":["CVE-2021-32052","GHSA-qm57-vhq3-3fwf","PYSEC-2021-8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9q1-63gf-7feh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7346?format=json","vulnerability_id":"VCID-z4x1-e7tp-rqhz","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-p99v-5w3c-jqq9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p99v-5w3c-jqq9"},{"reference_url":"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22502?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33571","GHSA-p99v-5w3c-jqq9","PYSEC-2021-99"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4x1-e7tp-rqhz"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.4"}