Search for packages
| purl | pkg:alpm/archlinux/python-django@4.0.6-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ay6-j864-aaaq
Aliases: BIT-django-2022-36359 CVE-2022-36359 GHSA-8x94-hmjh-97hq PYSEC-2022-245 |
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3hnw-g9hf-aaap | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. |
BIT-2022-34265
BIT-django-2022-34265 CVE-2022-34265 GHSA-p64x-8rxx-wf6q PYSEC-2022-213 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:45:15.679973+00:00 | Arch Linux Importer | Fixing | VCID-3hnw-g9hf-aaap | https://security.archlinux.org/AVG-2788 | 36.0.0 |
| 2025-03-28T07:44:01.437960+00:00 | Arch Linux Importer | Affected by | VCID-1ay6-j864-aaaq | https://security.archlinux.org/AVG-2810 | 36.0.0 |
| 2024-09-18T02:00:11.617025+00:00 | Arch Linux Importer | Fixing | VCID-3hnw-g9hf-aaap | https://security.archlinux.org/AVG-2788 | 34.0.1 |
| 2024-09-18T01:59:09.696911+00:00 | Arch Linux Importer | Affected by | VCID-1ay6-j864-aaaq | https://security.archlinux.org/AVG-2810 | 34.0.1 |
| 2024-01-03T22:26:26.056970+00:00 | Arch Linux Importer | Fixing | VCID-3hnw-g9hf-aaap | https://security.archlinux.org/AVG-2788 | 34.0.0rc1 |
| 2024-01-03T22:25:27.538000+00:00 | Arch Linux Importer | Affected by | VCID-1ay6-j864-aaaq | https://security.archlinux.org/AVG-2810 | 34.0.0rc1 |