{"url":"http://public2.vulnerablecode.io/api/packages/9253?format=json","purl":"pkg:pypi/django@1.10a1","type":"pypi","namespace":"","name":"django","version":"1.10a1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.11.19","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35000?format=json","vulnerability_id":"VCID-3kza-a88p-kfg7","summary":"Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.","references":[{"reference_url":"http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1594.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1594.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1595.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1595.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1596.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1596.html"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Jul/53","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2016/Jul/53"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1"},{"reference_url":"https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158"},{"reference_url":"https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/"},{"reference_url":"https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058"},{"reference_url":"https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338"},{"reference_url":"https://www.djangoproject.com/weblog/2016/jul/18/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/jul/18/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2016/jul/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/jul/18/security-releases/"},{"reference_url":"https://www.exploit-db.com/exploits/40129","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/40129"},{"reference_url":"https://www.exploit-db.com/exploits/40129/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/40129/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3622","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3622"},{"reference_url":"http://www.securityfocus.com/archive/1/538947/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/538947/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/92058","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92058"},{"reference_url":"http://www.securitytracker.com/id/1036338","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036338"},{"reference_url":"http://www.ubuntu.com/usn/USN-3039-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3039-1"},{"reference_url":"http://www.vulnerability-lab.com/get_content.php?id=1869","reference_id":"","reference_type":"","scores":[],"url":"http://www.vulnerability-lab.com/get_content.php?id=1869"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6186","reference_id":"CVE-2016-6186","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6186"},{"reference_url":"https://github.com/advisories/GHSA-c8c8-9472-w52h","reference_id":"GHSA-c8c8-9472-w52h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c8c8-9472-w52h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9257?format=json","purl":"pkg:pypi/django@1.10rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1"}],"aliases":["CVE-2016-6186","GHSA-c8c8-9472-w52h","PYSEC-2016-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kza-a88p-kfg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=json","vulnerability_id":"VCID-9mpt-zxaw-kkeg","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22501?format=json","purl":"pkg:pypi/django@2.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/22502?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35103?format=json","vulnerability_id":"VCID-hpj4-a9fa-4bca","summary":"In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with \"DEBUG = True\" (which makes this page accessible) in your production settings.","references":[{"reference_url":"https://github.com/advisories/GHSA-9r8w-6x8c-6jr9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9r8w-6x8c-6jr9"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a"},{"reference_url":"https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml"},{"reference_url":"https://usn.ubuntu.com/3559-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1"},{"reference_url":"https://usn.ubuntu.com/3559-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1/"},{"reference_url":"https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264"},{"reference_url":"https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643"},{"reference_url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/100643","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100643"},{"reference_url":"http://www.securitytracker.com/id/1039264","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039264"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12794","reference_id":"CVE-2017-12794","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12794"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10260?format=json","purl":"pkg:pypi/django@1.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/10261?format=json","purl":"pkg:pypi/django@1.11.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-kbab-v2gz-dfe6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-x61x-6b6k-h3bn"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.5"}],"aliases":["CVE-2017-12794","GHSA-9r8w-6x8c-6jr9","PYSEC-2017-44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpj4-a9fa-4bca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35050?format=json","vulnerability_id":"VCID-rruq-9scz-vbg8","summary":"Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \"on success\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \"safe\" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1445","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1451","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1462","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1470","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1596","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3093","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://github.com/advisories/GHSA-37hp-765x-j95x","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-37hp-765x-j95x"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f"},{"reference_url":"https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66"},{"reference_url":"https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml"},{"reference_url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"},{"reference_url":"http://www.debian.org/security/2017/dsa-3835","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3835"},{"reference_url":"http://www.securityfocus.com/bid/97406","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97406"},{"reference_url":"http://www.securitytracker.com/id/1038177","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038177"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7233","reference_id":"CVE-2017-7233","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7233"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9840?format=json","purl":"pkg:pypi/django@1.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-hpj4-a9fa-4bca"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.7"}],"aliases":["CVE-2017-7233","GHSA-37hp-765x-j95x","PYSEC-2017-9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rruq-9scz-vbg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5990?format=json","vulnerability_id":"VCID-vdpf-jddk-syda","summary":"insufficient validation","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-1080","reference_id":"AVG-1080","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1080"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14736?format=json","purl":"pkg:pypi/django@1.11.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27"},{"url":"http://public2.vulnerablecode.io/api/packages/14737?format=json","purl":"pkg:pypi/django@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9"}],"aliases":["CVE-2019-19844","GHSA-vfq6-hq5r-27r6","PYSEC-2019-16"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10a1"}