Search for packages
| purl | pkg:deb/ubuntu/python-django@1:1.11.22-1ubuntu1.3 |
| Next non-vulnerable version | 1:1.11.22-1ubuntu1.4 |
| Latest non-vulnerable version | 1:1.11.22-1ubuntu1.4 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7dtn-w6bf-aaab
Aliases: BIT-2020-13254 BIT-django-2020-13254 CVE-2020-13254 GHSA-wpjr-j57x-wxfw PYSEC-2020-31 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
Affected by 0 other vulnerabilities. |
|
VCID-zrah-xa2u-aaan
Aliases: BIT-2020-13596 BIT-django-2020-13596 CVE-2020-13596 GHSA-2m34-jcjv-45xf PYSEC-2020-32 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-x5yz-7qtf-aaar | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. |
BIT-2020-9402
BIT-django-2020-9402 CVE-2020-9402 GHSA-3gh2-xw74-jmcw PYSEC-2020-36 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|