Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/34291?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/34291?format=api", "purl": "pkg:pypi/django@3.2.20", "type": "pypi", "namespace": "", "name": "django", "version": "3.2.20", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.25", "latest_non_vulnerable_version": "6.0.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36598?format=api", "vulnerability_id": "VCID-am3f-c5ex-8ff2", "summary": "An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f" }, { "reference_url": "https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e" }, { "reference_url": "https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20231214-0001" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/nov/01/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46695", "reference_id": "CVE-2023-46695", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46695" }, { "reference_url": "https://github.com/advisories/GHSA-qmf9-6jqf-j8fq", "reference_id": "GHSA-qmf9-6jqf-j8fq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qmf9-6jqf-j8fq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37823?format=api", "purl": "pkg:pypi/django@3.2.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/37824?format=api", "purl": "pkg:pypi/django@4.1.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/37825?format=api", "purl": "pkg:pypi/django@4.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-4kcg-gx5y-cuaw" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-ga7z-wj4j-63h1" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-jybd-p65h-xffy" }, { "vulnerability": "VCID-kxdd-yzp3-r7cb" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-phkp-9abp-f3dq" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-r1vx-vv7d-gqaj" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-shch-yusm-1uck" }, { "vulnerability": "VCID-shjc-2j68-2yfy" }, { "vulnerability": "VCID-tktt-vg92-6kae" }, { "vulnerability": "VCID-tuqc-c251-h7ds" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-wa3g-27sx-mbcw" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-xcmd-18ck-gqae" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7" } ], "aliases": [ "CVE-2023-46695", "GHSA-qmf9-6jqf-j8fq", "PYSEC-2023-222" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am3f-c5ex-8ff2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36753?format=api", "vulnerability_id": "VCID-fsaw-3ta1-x3dw", "summary": "In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/5.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/5.0/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521" }, { "reference_url": "https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e" }, { "reference_url": "https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27351", "reference_id": "CVE-2024-27351", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27351" }, { "reference_url": "https://github.com/advisories/GHSA-vm8q-m57g-pff3", "reference_id": "GHSA-vm8q-m57g-pff3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vm8q-m57g-pff3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40665?format=api", "purl": "pkg:pypi/django@3.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/40666?format=api", "purl": "pkg:pypi/django@4.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-4kcg-gx5y-cuaw" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-ga7z-wj4j-63h1" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-jybd-p65h-xffy" }, { "vulnerability": "VCID-kxdd-yzp3-r7cb" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-phkp-9abp-f3dq" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-r1vx-vv7d-gqaj" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-shch-yusm-1uck" }, { "vulnerability": "VCID-shjc-2j68-2yfy" }, { "vulnerability": "VCID-tktt-vg92-6kae" }, { "vulnerability": "VCID-tuqc-c251-h7ds" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-wa3g-27sx-mbcw" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-xcmd-18ck-gqae" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/40667?format=api", "purl": "pkg:pypi/django@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-xcmd-18ck-gqae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3" } ], "aliases": [ "CVE-2024-27351", "GHSA-vm8q-m57g-pff3", "PYSEC-2024-47" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36601?format=api", "vulnerability_id": "VCID-m33h-4p9q-63fb", "summary": "In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473" }, { "reference_url": "https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8" }, { "reference_url": "https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231221-0001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20231221-0001" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665", "reference_id": "CVE-2023-43665", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43665" }, { "reference_url": "https://github.com/advisories/GHSA-h8gc-pgj2-vjm3", "reference_id": "GHSA-h8gc-pgj2-vjm3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h8gc-pgj2-vjm3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37817?format=api", "purl": "pkg:pypi/django@3.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/37819?format=api", "purl": "pkg:pypi/django@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am3f-c5ex-8ff2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/37822?format=api", "purl": "pkg:pypi/django@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-4kcg-gx5y-cuaw" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-ga7z-wj4j-63h1" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-jybd-p65h-xffy" }, { "vulnerability": "VCID-kxdd-yzp3-r7cb" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-phkp-9abp-f3dq" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-r1vx-vv7d-gqaj" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-shch-yusm-1uck" }, { "vulnerability": "VCID-shjc-2j68-2yfy" }, { "vulnerability": "VCID-tktt-vg92-6kae" }, { "vulnerability": "VCID-tuqc-c251-h7ds" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-wa3g-27sx-mbcw" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-xcmd-18ck-gqae" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6" } ], "aliases": [ "CVE-2023-43665", "GHSA-h8gc-pgj2-vjm3", "PYSEC-2023-226" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m33h-4p9q-63fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36599?format=api", "vulnerability_id": "VCID-qgp1-4efd-6yg6", "summary": "In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e" }, { "reference_url": "https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9" }, { "reference_url": "https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20231214-0002" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41164", "reference_id": "CVE-2023-41164", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41164" }, { "reference_url": "https://github.com/advisories/GHSA-7h4p-27mh-hmrw", "reference_id": "GHSA-7h4p-27mh-hmrw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7h4p-27mh-hmrw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37816?format=api", "purl": "pkg:pypi/django@3.2.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-m33h-4p9q-63fb" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/37818?format=api", "purl": "pkg:pypi/django@4.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-m33h-4p9q-63fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/37821?format=api", "purl": "pkg:pypi/django@4.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-4kcg-gx5y-cuaw" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-ga7z-wj4j-63h1" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-jybd-p65h-xffy" }, { "vulnerability": "VCID-kxdd-yzp3-r7cb" }, { "vulnerability": "VCID-m33h-4p9q-63fb" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-phkp-9abp-f3dq" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-r1vx-vv7d-gqaj" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-shch-yusm-1uck" }, { "vulnerability": "VCID-shjc-2j68-2yfy" }, { "vulnerability": "VCID-tktt-vg92-6kae" }, { "vulnerability": "VCID-tuqc-c251-h7ds" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-wa3g-27sx-mbcw" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-xcmd-18ck-gqae" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5" } ], "aliases": [ "CVE-2023-41164", "GHSA-7h4p-27mh-hmrw", "PYSEC-2023-225" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgp1-4efd-6yg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36720?format=api", "vulnerability_id": "VCID-yuda-1mur-8bbq", "summary": "An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/5.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/5.0/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc" }, { "reference_url": "https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9" }, { "reference_url": "https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2" }, { "reference_url": "https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24680", "reference_id": "CVE-2024-24680", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24680" }, { "reference_url": "https://github.com/advisories/GHSA-xxj9-f6rv-m3x4", "reference_id": "GHSA-xxj9-f6rv-m3x4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xxj9-f6rv-m3x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39588?format=api", "purl": "pkg:pypi/django@3.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsaw-3ta1-x3dw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/39589?format=api", "purl": "pkg:pypi/django@4.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-4kcg-gx5y-cuaw" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-ga7z-wj4j-63h1" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-jybd-p65h-xffy" }, { "vulnerability": "VCID-kxdd-yzp3-r7cb" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-phkp-9abp-f3dq" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-r1vx-vv7d-gqaj" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-shch-yusm-1uck" }, { "vulnerability": "VCID-shjc-2j68-2yfy" }, { "vulnerability": "VCID-tktt-vg92-6kae" }, { "vulnerability": "VCID-tuqc-c251-h7ds" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-wa3g-27sx-mbcw" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-xcmd-18ck-gqae" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/39590?format=api", "purl": "pkg:pypi/django@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-xcmd-18ck-gqae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2" } ], "aliases": [ "CVE-2024-24680", "GHSA-xxj9-f6rv-m3x4", "PYSEC-2024-28" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36470?format=api", "vulnerability_id": "VCID-f4a7-tcz5-byfj", "summary": "In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/4.2/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582" }, { "reference_url": "https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd" }, { "reference_url": "https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9" }, { "reference_url": "https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2023/dsa-5465" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053", "reference_id": "CVE-2023-36053", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053" }, { "reference_url": "https://github.com/advisories/GHSA-jh3w-4vvf-mjgr", "reference_id": "GHSA-jh3w-4vvf-mjgr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jh3w-4vvf-mjgr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34291?format=api", "purl": "pkg:pypi/django@3.2.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-m33h-4p9q-63fb" }, { "vulnerability": "VCID-qgp1-4efd-6yg6" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/34290?format=api", "purl": "pkg:pypi/django@4.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-m33h-4p9q-63fb" }, { "vulnerability": "VCID-qgp1-4efd-6yg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/34289?format=api", "purl": "pkg:pypi/django@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-4kcg-gx5y-cuaw" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-am3f-c5ex-8ff2" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-ga7z-wj4j-63h1" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-jybd-p65h-xffy" }, { "vulnerability": "VCID-kxdd-yzp3-r7cb" }, { "vulnerability": "VCID-m33h-4p9q-63fb" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-phkp-9abp-f3dq" }, { "vulnerability": "VCID-qgp1-4efd-6yg6" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-r1vx-vv7d-gqaj" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-shch-yusm-1uck" }, { "vulnerability": "VCID-shjc-2j68-2yfy" }, { "vulnerability": "VCID-tktt-vg92-6kae" }, { "vulnerability": "VCID-tuqc-c251-h7ds" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-wa3g-27sx-mbcw" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-xcmd-18ck-gqae" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" }, { "vulnerability": "VCID-yuda-1mur-8bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3" } ], "aliases": [ "CVE-2023-36053", "GHSA-jh3w-4vvf-mjgr", "PYSEC-2023-100" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4a7-tcz5-byfj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.20" }