Search for packages
| purl | pkg:pypi/django@3.0.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7dtn-w6bf-aaab
Aliases: BIT-2020-13254 BIT-django-2020-13254 CVE-2020-13254 GHSA-wpjr-j57x-wxfw PYSEC-2020-31 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
Affected by 14 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-an9k-wmax-aaam
Aliases: BIT-2021-33203 BIT-django-2021-33203 CVE-2021-33203 GHSA-68w8-qjq3-2gfm PYSEC-2021-98 |
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. |
Affected by 6 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-he7b-33hj-aaab
Aliases: BIT-2021-33571 BIT-django-2021-33571 CVE-2021-33571 GHSA-p99v-5w3c-jqq9 PYSEC-2021-99 |
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . |
Affected by 6 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-pm6s-x7r5-aaak
Aliases: CVE-2019-19844 GHSA-vfq6-hq5r-27r6 PYSEC-2019-16 PYSEC-2019-86 |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
Affected by 18 other vulnerabilities. |
|
VCID-psfg-va2d-aaae
Aliases: BIT-2021-35042 BIT-django-2021-35042 CVE-2021-35042 GHSA-xpfp-f569-q3p2 PYSEC-2021-109 |
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. |
Affected by 5 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-r32d-wxg1-aaap
Aliases: BIT-2021-31542 BIT-django-2021-31542 CVE-2021-31542 GHSA-rxjp-mfm9-w4wr PYSEC-2021-7 |
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. |
Affected by 9 other vulnerabilities. Affected by 25 other vulnerabilities. |
|
VCID-x5yz-7qtf-aaar
Aliases: BIT-2020-9402 BIT-django-2020-9402 CVE-2020-9402 GHSA-3gh2-xw74-jmcw PYSEC-2020-36 |
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. |
Affected by 16 other vulnerabilities. |
|
VCID-zh4q-8g5x-aaas
Aliases: BIT-2020-7471 BIT-django-2020-7471 CVE-2020-7471 GHSA-hmr4-m2h5-33qx PYSEC-2020-35 |
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. |
Affected by 17 other vulnerabilities. |
|
VCID-zrah-xa2u-aaan
Aliases: BIT-2020-13596 BIT-django-2020-13596 CVE-2020-13596 GHSA-2m34-jcjv-45xf PYSEC-2020-32 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. |
Affected by 14 other vulnerabilities. Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T20:05:41.656869+00:00 | GHSA Importer | Affected by | VCID-x5yz-7qtf-aaar | None | 36.0.0 |
| 2025-03-28T20:05:19.880829+00:00 | GHSA Importer | Affected by | VCID-zh4q-8g5x-aaas | None | 36.0.0 |
| 2025-03-28T20:04:12.177264+00:00 | GHSA Importer | Affected by | VCID-zrah-xa2u-aaan | None | 36.0.0 |
| 2025-03-28T20:04:11.758951+00:00 | GHSA Importer | Affected by | VCID-7dtn-w6bf-aaab | None | 36.0.0 |
| 2025-03-28T20:03:46.889151+00:00 | GHSA Importer | Affected by | VCID-pm6s-x7r5-aaak | None | 36.0.0 |
| 2025-01-17T02:39:00.324595+00:00 | GHSA Importer | Affected by | VCID-psfg-va2d-aaae | None | 35.1.0 |
| 2025-01-17T02:38:56.274173+00:00 | GHSA Importer | Affected by | VCID-he7b-33hj-aaab | None | 35.1.0 |
| 2025-01-17T02:38:55.558063+00:00 | GHSA Importer | Affected by | VCID-an9k-wmax-aaam | None | 35.1.0 |
| 2025-01-17T02:38:47.730493+00:00 | GHSA Importer | Affected by | VCID-r32d-wxg1-aaap | None | 35.1.0 |
| 2024-09-17T22:26:41.893424+00:00 | GitLab Importer | Affected by | VCID-an9k-wmax-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-33203.yml | 34.0.1 |
| 2024-09-17T22:14:02.744405+00:00 | GHSA Importer | Affected by | VCID-zh4q-8g5x-aaas | https://github.com/advisories/GHSA-hmr4-m2h5-33qx | 34.0.1 |
| 2024-09-17T22:13:47.495458+00:00 | GHSA Importer | Affected by | VCID-he7b-33hj-aaab | https://github.com/advisories/GHSA-p99v-5w3c-jqq9 | 34.0.1 |
| 2024-09-17T22:13:47.377946+00:00 | GHSA Importer | Affected by | VCID-an9k-wmax-aaam | https://github.com/advisories/GHSA-68w8-qjq3-2gfm | 34.0.1 |
| 2024-09-17T22:13:47.131660+00:00 | GHSA Importer | Affected by | VCID-pm6s-x7r5-aaak | https://github.com/advisories/GHSA-vfq6-hq5r-27r6 | 34.0.1 |
| 2024-09-17T22:13:47.041855+00:00 | GHSA Importer | Affected by | VCID-7dtn-w6bf-aaab | https://github.com/advisories/GHSA-wpjr-j57x-wxfw | 34.0.1 |
| 2024-09-17T22:13:40.846602+00:00 | GHSA Importer | Affected by | VCID-psfg-va2d-aaae | https://github.com/advisories/GHSA-xpfp-f569-q3p2 | 34.0.1 |
| 2024-09-17T22:13:37.434615+00:00 | GHSA Importer | Affected by | VCID-r32d-wxg1-aaap | https://github.com/advisories/GHSA-rxjp-mfm9-w4wr | 34.0.1 |
| 2024-09-17T22:13:13.703583+00:00 | GHSA Importer | Affected by | VCID-x5yz-7qtf-aaar | https://github.com/advisories/GHSA-3gh2-xw74-jmcw | 34.0.1 |
| 2024-04-23T17:41:27.911608+00:00 | GHSA Importer | Affected by | VCID-psfg-va2d-aaae | https://github.com/advisories/GHSA-xpfp-f569-q3p2 | 34.0.0rc4 |
| 2024-04-23T17:41:27.664912+00:00 | GHSA Importer | Affected by | VCID-r32d-wxg1-aaap | https://github.com/advisories/GHSA-rxjp-mfm9-w4wr | 34.0.0rc4 |
| 2024-04-23T17:41:18.634306+00:00 | GHSA Importer | Affected by | VCID-x5yz-7qtf-aaar | https://github.com/advisories/GHSA-3gh2-xw74-jmcw | 34.0.0rc4 |
| 2024-01-03T17:52:40.663867+00:00 | GitLab Importer | Affected by | VCID-an9k-wmax-aaam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-33203.yml | 34.0.0rc1 |
| 2024-01-03T17:46:42.522753+00:00 | GHSA Importer | Affected by | VCID-x5yz-7qtf-aaar | https://github.com/advisories/GHSA-3gh2-xw74-jmcw | 34.0.0rc1 |
| 2024-01-03T17:44:12.243295+00:00 | GHSA Importer | Affected by | VCID-zh4q-8g5x-aaas | https://github.com/advisories/GHSA-hmr4-m2h5-33qx | 34.0.0rc1 |
| 2024-01-03T17:43:57.628210+00:00 | GHSA Importer | Affected by | VCID-he7b-33hj-aaab | https://github.com/advisories/GHSA-p99v-5w3c-jqq9 | 34.0.0rc1 |
| 2024-01-03T17:43:57.506953+00:00 | GHSA Importer | Affected by | VCID-an9k-wmax-aaam | https://github.com/advisories/GHSA-68w8-qjq3-2gfm | 34.0.0rc1 |
| 2024-01-03T17:43:57.119100+00:00 | GHSA Importer | Affected by | VCID-pm6s-x7r5-aaak | https://github.com/advisories/GHSA-vfq6-hq5r-27r6 | 34.0.0rc1 |
| 2024-01-03T17:43:57.018535+00:00 | GHSA Importer | Affected by | VCID-7dtn-w6bf-aaab | https://github.com/advisories/GHSA-wpjr-j57x-wxfw | 34.0.0rc1 |
| 2024-01-03T17:43:51.250219+00:00 | GHSA Importer | Affected by | VCID-psfg-va2d-aaae | https://github.com/advisories/GHSA-xpfp-f569-q3p2 | 34.0.0rc1 |
| 2024-01-03T17:43:48.726006+00:00 | GHSA Importer | Affected by | VCID-zrah-xa2u-aaan | https://github.com/advisories/GHSA-2m34-jcjv-45xf | 34.0.0rc1 |
| 2024-01-03T17:43:48.100811+00:00 | GHSA Importer | Affected by | VCID-r32d-wxg1-aaap | https://github.com/advisories/GHSA-rxjp-mfm9-w4wr | 34.0.0rc1 |