{"url":"http://public2.vulnerablecode.io/api/packages/21665?format=json","purl":"pkg:pypi/django@3.2.1","type":"pypi","namespace":"","name":"django","version":"3.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.25","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3560?format=json","vulnerability_id":"VCID-29qk-rv5n-efbm","summary":"","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-8x94-hmjh-97hq","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8x94-hmjh-97hq"},{"reference_url":"https://groups.google.com/g/django-announce/c/8cz--gvaJr4","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce/c/8cz--gvaJr4"},{"reference_url":"https://www.djangoproject.com/weblog/2022/aug/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/aug/03/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/08/03/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/08/03/1"},{"reference_url":"https://security.archlinux.org/AVG-2810","reference_id":"AVG-2810","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2810"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28737?format=json","purl":"pkg:pypi/django@3.2.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a
7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15"},{"url":"http://public2.vulnerablecode.io/api/packages/28738?format=json","purl":"pkg:pypi/django@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7"}],"aliases":["CVE-2022-36359","GHSA-8x94-hmjh-97hq","PYSEC-2022-245"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29qk-rv5n-efbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4934?format=json","vulnerability_id":"VCID-2n2n-1fq2-7bbs","summary":"sql 
injection","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-p64x-8rxx-wf6q","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p64x-8rxx-wf6q"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jul/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jul/04/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-2788","reference_id":"AVG-2788","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2788"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28244?format=json","purl":"pkg:pypi/django@3.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/28245?format=json","purl":"pkg:pypi/django@4.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k
-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.6"}],"aliases":["CVE-2022-34265","GHSA-p64x-8rxx-wf6q","PYSEC-2022-213"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2n-1fq2-7bbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5407?format=json","vulnerability_id":"VCID-4pb2-tqru-uufs","summary":"insufficient validation","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-xpfp-f569-q3p2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xpfp-f569-q3p2"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9"},{"reference_url":"https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f"},{"reference_url":"https://github.com/django/django/commit/dae83a24519d6f284c74414e0b81d64d9b5a0db4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/dae83a24519d6f284
c74414e0b81d64d9b5a0db4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-109.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-109.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0008","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0008"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jul/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jul/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jul/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jul/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/07/02/2","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2021/07/02/2"},{"reference_url":"https://security.archlinux.org/ASA-202107-11","reference_id":"ASA-202107-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-11"},{"reference_url":"https://security.archlinux.org/AVG-2123","reference_id":"AVG-2123","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archl
inux.org/AVG-2123"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35042","reference_id":"CVE-2021-35042","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35042"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22794?format=json","purl":"pkg:pypi/django@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.5"}],"aliases":["CVE-2021-35042","GHSA-xpfp-f569-q3p2","PYSEC-2021-109"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4pb2-tqru-uufs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36379?format=json","vulnerability_id":"VCID-4z4e-8ttu-tyd6","summary":"An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. 
Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.1/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.1/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.1/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92"},{"reference_url":"https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432"},{"reference_url":"https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","refe
rence_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP"},{"refe
rence_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0006","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230316-0006"},{"reference_url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases","reference_id":"","reference_type":"","scores":[],"url":"htt
ps://www.djangoproject.com/weblog/2023/feb/14/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/02/14/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2023/02/14/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24580","reference_id":"CVE-2023-24580","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24580"},{"reference_url":"https://github.com/advisories/GHSA-2hrw-hx67-34x6","reference_id":"GHSA-2hrw-hx67-34x6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2hrw-hx67-34x6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31506?format=json","purl":"pkg:pypi/django@3.2.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.18"},{"url":"http://public2.vulnerablecode.io/api/packages/31507?format=json","purl":"pkg:pypi/django@4.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/31508?format=json","purl":"pkg:pypi/django@4.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulner
ability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.7"}],"aliases":["CVE-2023-24580","GHSA-2hrw-hx67-34x6","PYSEC-2023-13"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4z4e-8ttu-tyd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3561?format=json","vulnerability_id":"VCID-51tx-4tp9-kbcz","summary":"","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-6cw3-g6wv-c2xv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6cw3-g6wv-c2xv"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a"},{"reference_url":"https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468"},{"reference_url":"https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9"},{"reference_url":"https://github.com/pypa/advisory-dat
abase/tree/main/vulns/django/PYSEC-2022-20.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220221-0003","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220221-0003"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-2808","reference_id":"AVG-2808","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2808"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23833","reference_id":"CVE-2022-23833","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23833"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2
6587?format=json","purl":"pkg:pypi/django@3.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/26588?format=json","purl":"pkg:pypi/django@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2"}],"aliases":["CVE-2022-23833","GHSA-6cw3-g6wv-c2xv","PYSEC-2022-20"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51tx-4tp9-kbcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35948?format=json","vulnerability_id":"VCID-6jpg-yrf8-cufy","summary":"An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. 
In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-53qw-q765-4fww","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-53qw-q765-4fww"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277"},{"reference_url":"https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20"},{"reference_url":"https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announ
ce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45115","reference_id":"CVE-2021-45115","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45115"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26294?format=json","purl":"pkg:pypi/django@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerabl
ecode.io/packages/pkg:pypi/django@3.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/26295?format=json","purl":"pkg:pypi/django@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1"}],"aliases":["CVE-2021-45115","GHSA-53qw-q765-4fww","PYSEC-2022-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jpg-yrf8-cufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35947?format=json","vulnerability_id":"VCID-9end-mq19-rke5","summary":"Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to 
it.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-jrh2-hc4r-7jwx","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jrh2-hc4r-7jwx"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1"},{"reference_url":"https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b"},{"reference_url":"https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4
WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45452","reference_id":"CVE-2021-45452","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45452"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26294?format=json","purl":"pkg:pypi/django@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/26295?format=json","purl":"pkg:
pypi/django@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1"}],"aliases":["CVE-2021-45452","GHSA-jrh2-hc4r-7jwx","PYSEC-2022-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9end-mq19-rke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=json","vulnerability_id":"VCID-9mpt-zxaw-kkeg","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_
id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36598?format=json","vulnerability_id":"VCID-am3f-c5ex-8ff2","summary":"An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. 
As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f"},{"reference_url":"https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e"},{"reference_url":"https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","s
cores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0001","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20231214-0001"},{"reference_url":"https://www.djangoproject.com/weblog/2023/nov/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/nov/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/nov/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/nov/01/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46695","reference_id":"CVE-2023-46695","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46695"},{"reference_url":"https://github.com/advisories/GHSA-qmf9-6jqf-j8fq","reference_id":"GHSA-qmf9-6jqf-j8fq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qmf9-6jqf-j8fq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37823?format=json","purl":"pkg:pypi/django@3.2.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.23"},{"url":"http://public2.vulnerablecode.io/api/packages/37824?format=json","purl":"pkg:pypi/django@4.1.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/37825?format=json","purl":"pkg:pypi/django@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9g
q3-whr8-s7b8"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7"}],"aliases":["CVE-2023-46695","GHSA-qmf9-6jqf-j8fq","PYSEC-2023-222"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am3f-c5ex-8ff2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3562?format=json","vulnerability_id":"VCID-attf-6gj8-ebaj","summary":"","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/secu
rity/"},{"reference_url":"https://github.com/advisories/GHSA-95rw-fx8r-36v6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-95rw-fx8r-36v6"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5"},{"reference_url":"https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2"},{"reference_url":"https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220221-0003","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-202202
21-0003"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-2808","reference_id":"AVG-2808","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2808"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22818","reference_id":"CVE-2022-22818","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26587?format=json","purl":"pkg:pypi/django@3.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/26588?format=json","purl":"pkg:pypi/django@4.0.2","is_vulnerable":true,"affected_by_vulnerabilit
ies":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2"}],"aliases":["CVE-2022-22818","GHSA-95rw-fx8r-36v6","PYSEC-2022-19"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-attf-6gj8-ebaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36370?format=json","vulnerability_id":"VCID-au8h-vj9k-pufv","summary":"In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very 
large.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.1/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.1/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.1/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95"},{"reference_url":"https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942"},{"reference_url":"https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lis
ts.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230302-0007","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230302-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2023/feb/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/feb/01/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23969","reference_id":"CVE-2023-23969","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23969"},{"reference_url":"https://github.com/advisories/GHSA-q2jf-h9jm-m7p4","reference_id":"GHSA-q2jf-h9jm-m7p4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q2jf-h9jm-m7p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31300?format=json","purl":"pkg:pypi/django@3.2.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"}
,{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.17"},{"url":"http://public2.vulnerablecode.io/api/packages/31301?format=json","purl":"pkg:pypi/django@4.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/31302?format=json","purl":"pkg:pypi/django@4.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.6"}],"aliases":["CVE-2023-23969","GHSA-q2jf-h9jm-m7p4","PYSEC-2023-12"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-au8h-vj9k-pufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4991?format=json","vulnerability_id":"VCID-drwp-htkk-bkfh","summary":"sql 
injection","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-w24h-v9qh-8gxj","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w24h-v9qh-8gxj"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402"},{"reference_url":"https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5"},{"reference_url":"https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81"},{"reference_url":"https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/djang
o-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/11/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/04/11/1"},{"reference_url":"https://security.archlinux.org/ASA-202204-9","reference_id":"ASA-202204-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-9"},{"reference_url":"https://security.archlinux.org/AVG-2667","reference_id":"AVG-2667","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2667"},{"refere
nce_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28347","reference_id":"CVE-2022-28347","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28347"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27461?format=json","purl":"pkg:pypi/django@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/27460?format=json","purl":"pkg:pypi/django@4.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4"}],"aliases":["CVE-2022-28347","GHSA-w24h-v9qh-8gxj","PYSEC-2022-191"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drwp-htkk-bkfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36470?format=json","vulnerability_id":"VCID-f4a7-tcz5-byfj","summary":"In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of 
domain name labels of emails and URLs.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582"},{"reference_url":"https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd"},{"reference_url":"https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9"},{"reference_url":"https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"
https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@l
ists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://www.debian.org/security/2023/dsa-5465","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2023/dsa-5465"},{"reference_url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36053","reference_id":"CVE-2023-36053","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36053"},{"reference_url":"https://github.com/advisories/GHSA-jh3w-4vvf-mjgr","reference_id":"GHSA-jh3w-4vvf-mjgr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jh3w-4vvf-mjgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34291?format=json","purl":"pkg:pypi/django@3.2.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.20"},{"url":"http://public2.vulnerablecode.io/api/packages/34290?format=json","purl":"pkg:pypi/django@4.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"
vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/34289?format=json","purl":"pkg:pypi/django@4.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3"}],"aliases":["CVE-2023-36053","GHSA-jh3w-4vvf-mjgr","PYSEC-2023-100"],"risk_scor
e":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4a7-tcz5-byfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35946?format=json","vulnerability_id":"VCID-fksk-pr23-2yd8","summary":"An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-8c5j-9r9f-c6w8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8c5j-9r9f-c6w8"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489"},{"reference_url":"https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16"},{"reference_url":"https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c9f648ccfac5a
b90fb2829a66da4f77e68c7f93a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45116","reference_id":"CVE-2021-45116","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45116"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26294?format=json","purl":"pkg:pypi/django@3.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID
-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/26295?format=json","purl":"pkg:pypi/django@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1"}],"aliases":["CVE-2021-45116","GHSA-8c5j-9r9f-c6w8","PYSEC-2022-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fksk-pr23-2yd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36753?format=json","vulnerability_id":"VCID-fsaw-3ta1-x3dw","summary":"In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. 
NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.","references":[{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/5.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/5.0/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521"},{"reference_url":"https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e"},{"reference_url":"https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[],"url":"h
ttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27351","reference_id":"CVE-2024-27351","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27351"},{"reference_url":"https://github.com/advisories/GHSA-vm8q-m57g-pff3","reference_id":"GHSA-vm8q-m57g-pff3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vm8q-m57g-pff3"}],"fixed_packages":[{"url":"http://public2.vulner
ablecode.io/api/packages/40665?format=json","purl":"pkg:pypi/django@3.2.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25"},{"url":"http://public2.vulnerablecode.io/api/packages/40666?format=json","purl":"pkg:pypi/django@4.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/40667?format=json","purl":"pkg:pypi/django@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-e12b-t
w2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-xcmd-18ck-gqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3"}],"aliases":["CVE-2024-27351","GHSA-vm8q-m57g-pff3","PYSEC-2024-47"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3187?format=json","vulnerability_id":"VCID-m1dr-sjmw-jfd2","summary":"","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2022/oct/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/oct/04/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-2809","reference_id":"AVG-2809","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2809"}],"fixed_packages":[{"url":"
http://public2.vulnerablecode.io/api/packages/29477?format=json","purl":"pkg:pypi/django@3.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/29478?format=json","purl":"pkg:pypi/django@4.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/29479?format=json","purl":"pkg:pypi/django@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.2"}],"aliases":["CVE-2022-41323","PYSEC-2022-304"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1dr-sjmw-jfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36601?format=json","vulnerability_id":"VCID-m33h-4p9q-63fb","summary":"In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) 
are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473"},{"reference_url":"https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8"},{"reference_url":"https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://
groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231221-0001","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20231221-0001"},{"reference_url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases"},{"reference_
url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43665","reference_id":"CVE-2023-43665","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43665"},{"reference_url":"https://github.com/advisories/GHSA-h8gc-pgj2-vjm3","reference_id":"GHSA-h8gc-pgj2-vjm3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h8gc-pgj2-vjm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37817?format=json","purl":"pkg:pypi/django@3.2.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.22"},{"url":"http://public2.vulnerablecode.io/api/packages/37819?format=json","purl":"pkg:pypi/django@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/37822?format=json","purl":"pkg:pypi/django@4.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5ye
h"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6"}],"aliases":["CVE-2023-43665","GHSA-h8gc-pgj2-vjm3","PYSEC-2023-226"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m33h-4p9q-63fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35924?format=json","vulnerability_id":"VCID-n9vn-4uxr-hkau","summary":"In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL 
paths.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-v6rh-hp5x-86rv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v6rh-hp5x-86rv"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211229-0006","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20211229-0006"},{"reference_url":"https://www.djangoproject.com/weblog/2021/dec/07/secur
ity-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/12/07/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2021/12/07/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44420","reference_id":"CVE-2021-44420","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44420"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25594?format=json","purl":"pkg:pypi/django@3.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10"}],"aliases":["CVE-2021-44420","GHSA-v6rh-hp5x-86rv","PYSEC-2021-439"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau"},{"url":"http://public2.vu
lnerablecode.io/api/vulnerabilities/4992?format=json","vulnerability_id":"VCID-nss9-1yrb-x7f2","summary":"SQL injection","references":[{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-2gwj-7jmv-h26r","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2gwj-7jmv-h26r"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48"},{"reference_url":"https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d"},{"reference_url":"https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60"},{"reference_url":"https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-databas
e/tree/main/vulns/django/PYSEC-2022-190.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220609-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220609-0002"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/11/1","reference_id":"","ref
erence_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/04/11/1"},{"reference_url":"https://security.archlinux.org/ASA-202204-9","reference_id":"ASA-202204-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-9"},{"reference_url":"https://security.archlinux.org/AVG-2667","reference_id":"AVG-2667","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28346","reference_id":"CVE-2022-28346","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27461?format=json","purl":"pkg:pypi/django@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/27460?format=json","purl":"pkg:pypi/django@4.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4"}],"aliases":["CVE-2022-28346","GHSA-2gwj-7jmv-h26r
","PYSEC-2022-190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nss9-1yrb-x7f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36599?format=json","vulnerability_id":"VCID-qgp1-4efd-6yg6","summary":"In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e"},{"reference_url":"https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9"},{"reference_url":"https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tre
e/main/vulns/django/PYSEC-2023-225.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20231214-0002"},{"reference_url":"https://www.djangoproj
ect.com/weblog/2023/sep/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41164","reference_id":"CVE-2023-41164","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41164"},{"reference_url":"https://github.com/advisories/GHSA-7h4p-27mh-hmrw","reference_id":"GHSA-7h4p-27mh-hmrw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7h4p-27mh-hmrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37816?format=json","purl":"pkg:pypi/django@3.2.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.21"},{"url":"http://public2.vulnerablecode.io/api/packages/37818?format=json","purl":"pkg:pypi/django@4.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-m33h-4p9q-63fb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/37821?format=json","purl":"pkg:pypi/django@4.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerabil
ity":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5"}],"aliases":["CVE-2023-41164","GHSA-7h4p-27mh-hmrw","PYSEC-2023-225"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgp1-4efd-6yg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35789?format=json","vulnerability_id":"VCID-u9q1-63gf-7feh","summary":"In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. 
Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-qm57-vhq3-3fwf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qm57-vhq3-3fwf"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/06/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/06/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21668?format=json","purl":"pkg:pypi/django@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au
8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.2"}],"aliases":["CVE-2021-32052","GHSA-qm57-vhq3-3fwf","PYSEC-2021-8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9q1-63gf-7feh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36720?format=json","vulnerability_id":"VCID-yuda-1mur-8bbq","summary":"An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. 
The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.","references":[{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/5.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/5.0/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc"},{"reference_url":"https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9"},{"reference_url":"https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2"},{"reference_url":"https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"http
s://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24680","reference_id":"CVE-2024-24680","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail
/CVE-2024-24680"},{"reference_url":"https://github.com/advisories/GHSA-xxj9-f6rv-m3x4","reference_id":"GHSA-xxj9-f6rv-m3x4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xxj9-f6rv-m3x4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39588?format=json","purl":"pkg:pypi/django@3.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsaw-3ta1-x3dw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/39589?format=json","purl":"pkg:pypi/django@4.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resour
ce_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10"},{"url":"http://public2.vulnerablecode.io/api/packages/39590?format=json","purl":"pkg:pypi/django@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-xcmd-18ck-gqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2"}],"aliases":["CVE-2024-24680","GHSA-xxj9-f6rv-m3x4","PYSEC-2024-28"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7346?format=json","vulnerability_id":"VCID-z4x1-e7tp-rqhz","summary":"multiple 
issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-p99v-5w3c-jqq9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p99v-5w3c-jqq9"},{"reference_url":"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnera
bility":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33571","GHSA-p99v-5w3c-jqq9","PYSEC-2021-99"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4x1-e7tp-rqhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36434?format=json","vulnerability_id":"VCID-z6tf-z1y9-cydq","summary":"In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's \"Uploading multiple files\" documentation suggested 
otherwise.","references":[{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd"},{"reference_url":"https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64"},{"reference_url":"https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/m
essage/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230609-0008","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230609-0008"},{"reference_url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31047","reference_id":"CVE-2023-31047","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31047"},{"reference_url":"https://github.com/advisories/GHSA-r3xc-prgr-mg9p","reference_id":"GHSA-r3xc-prgr-mg9p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r3xc-prgr-mg9p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33542?format=json","purl":"pkg:pypi/django@3.2.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fsaw-3ta
1-x3dw"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.19"},{"url":"http://public2.vulnerablecode.io/api/packages/33543?format=json","purl":"pkg:pypi/django@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-qgp1-4efd-6yg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/33544?format=json","purl":"pkg:pypi/django@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9gq3-whr8-s7b8"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-e8j6-mybr-17fh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-s1rj-1xbw-fbg5"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251
-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-vgq9-s6th-yufg"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"},{"vulnerability":"VCID-yuda-1mur-8bbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1"}],"aliases":["CVE-2023-31047","GHSA-r3xc-prgr-mg9p","PYSEC-2023-61"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tf-z1y9-cydq"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35788?format=json","vulnerability_id":"VCID-j81e-su1y-tqa6","summary":"In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-rxjp-mfm9-w4wr","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rxjp-mfm9-w4wr"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@
lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/04/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/04/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21663?format=json","purl":"pkg:pypi/django@2.2.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.21"},{"url":"http://public2.vulnerablecode.io/api/packages/21664?format=json","purl":"pkg:pypi/django@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/21665?format=json","purl":"pkg:pypi/django@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-
cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.1"}],"aliases":["CVE-2021-31542","GHSA-rxjp-mfm9-w4wr","PYSEC-2021-7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j81e-su1y-tqa6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.1"}