Vulnerability details: VCID-188m-1bke-aaae
Vulnerability ID VCID-188m-1bke-aaae
Aliases CVE-2010-4534
GHSA-fwr5-q9rx-294f
PYSEC-2011-8
Summary The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (4)
System Score Found at
cvssv3.1 6.5 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html
generic_textual HIGH http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html
generic_textual MODERATE http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html
cvssv3.1 6.5 http://code.djangoproject.com/changeset/15031
generic_textual HIGH http://code.djangoproject.com/changeset/15031
generic_textual MODERATE http://code.djangoproject.com/changeset/15031
cvssv3.1 6.5 http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac
generic_textual HIGH http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac
generic_textual MODERATE http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac
cvssv3.1 6.5 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
cvssv3.1 7.5 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
generic_textual HIGH http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
cvssv3.1 6.5 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
cvssv3.1 7.5 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
generic_textual HIGH http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
cvssv3.1 6.5 http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter
generic_textual HIGH http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter
generic_textual MODERATE http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter
epss 0.00310 https://api.first.org/data/v1/epss?cve=CVE-2010-4534
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2010-4534
epss 0.00553 https://api.first.org/data/v1/epss?cve=CVE-2010-4534
epss 0.00566 https://api.first.org/data/v1/epss?cve=CVE-2010-4534
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=665373
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=665373
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=665373
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=665373
generic_textual MODERATE http://secunia.com/advisories/42715
generic_textual MODERATE http://secunia.com/advisories/42827
generic_textual MODERATE http://secunia.com/advisories/42913
cvssv3.1 6.5 https://github.com/advisories/GHSA-fwr5-q9rx-294f
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-fwr5-q9rx-294f
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fwr5-q9rx-294f
generic_textual HIGH https://github.com/advisories/GHSA-fwr5-q9rx-294f
cvssv3.1 3.7 https://github.com/django/django
cvssv3.1 6.5 https://github.com/django/django
generic_textual HIGH https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 6.5 https://github.com/django/django/commit/17084839fd7e267da5729f2a27753322b9d415a0
generic_textual HIGH https://github.com/django/django/commit/17084839fd7e267da5729f2a27753322b9d415a0
generic_textual MODERATE https://github.com/django/django/commit/17084839fd7e267da5729f2a27753322b9d415a0
cvssv3.1 6.5 https://github.com/django/django/commit/85207a245bf09fdebe486b4c7bbcb65300f2a693
generic_textual HIGH https://github.com/django/django/commit/85207a245bf09fdebe486b4c7bbcb65300f2a693
generic_textual MODERATE https://github.com/django/django/commit/85207a245bf09fdebe486b4c7bbcb65300f2a693
cvssv3.1 6.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-8.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-8.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-8.yaml
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2010-4534
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2010-4534
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2010-4534
cvssv3.1 6.5 http://www.djangoproject.com/weblog/2010/dec/22/security
cvssv3.1 7.5 http://www.djangoproject.com/weblog/2010/dec/22/security
generic_textual HIGH http://www.djangoproject.com/weblog/2010/dec/22/security
generic_textual MODERATE http://www.djangoproject.com/weblog/2010/dec/22/security
cvssv3.1 6.5 http://www.openwall.com/lists/oss-security/2010/12/23/4
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2010/12/23/4
generic_textual HIGH http://www.openwall.com/lists/oss-security/2010/12/23/4
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2010/12/23/4
cvssv3.1 6.5 http://www.openwall.com/lists/oss-security/2011/01/03/5
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2011/01/03/5
generic_textual HIGH http://www.openwall.com/lists/oss-security/2011/01/03/5
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/01/03/5
generic_textual MODERATE http://www.securityfocus.com/archive/1/515446
generic_textual MODERATE http://www.securityfocus.com/bid/45562
cvssv3.1 6.5 http://www.ubuntu.com/usn/USN-1040-1
cvssv3.1 7.5 http://www.ubuntu.com/usn/USN-1040-1
generic_textual HIGH http://www.ubuntu.com/usn/USN-1040-1
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1040-1
generic_textual MODERATE http://www.vupen.com/english/advisories/2011/0048
generic_textual MODERATE http://www.vupen.com/english/advisories/2011/0098
Reference id Reference type URL
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html
http://code.djangoproject.com/changeset/15031
http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac
http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac/
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter
http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter/
https://api.first.org/data/v1/epss?cve=CVE-2010-4534
https://bugzilla.redhat.com/show_bug.cgi?id=665373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4534
http://secunia.com/advisories/42715
http://secunia.com/advisories/42827
http://secunia.com/advisories/42913
https://github.com/django/django
https://github.com/django/django/commit/17084839fd7e267da5729f2a27753322b9d415a0
https://github.com/django/django/commit/85207a245bf09fdebe486b4c7bbcb65300f2a693
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-8.yaml
http://www.djangoproject.com/weblog/2010/dec/22/security
http://www.djangoproject.com/weblog/2010/dec/22/security/
http://www.openwall.com/lists/oss-security/2010/12/23/4
http://www.openwall.com/lists/oss-security/2011/01/03/5
http://www.securityfocus.com/archive/1/515446
http://www.securityfocus.com/bid/45562
http://www.ubuntu.com/usn/USN-1040-1
http://www.vupen.com/english/advisories/2011/0048
http://www.vupen.com/english/advisories/2011/0098
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*
CVE-2010-4534 https://nvd.nist.gov/vuln/detail/CVE-2010-4534
GHSA-fwr5-q9rx-294f https://github.com/advisories/GHSA-fwr5-q9rx-294f
USN-1040-1 https://usn.ubuntu.com/1040-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://code.djangoproject.com/changeset/15031
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=665373
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=665373
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/advisories/GHSA-fwr5-q9rx-294f
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/17084839fd7e267da5729f2a27753322b9d415a0
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/85207a245bf09fdebe486b4c7bbcb65300f2a693
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-8.yaml
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4534
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4534
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.djangoproject.com/weblog/2010/dec/22/security
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.djangoproject.com/weblog/2010/dec/22/security
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2010/12/23/4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2010/12/23/4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2011/01/03/5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2011/01/03/5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.ubuntu.com/usn/USN-1040-1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.ubuntu.com/usn/USN-1040-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.70551
EPSS Score 0.00310
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.