Vulnerability details: VCID-2w9q-sann-aaak
Vulnerability ID VCID-2w9q-sann-aaak
Aliases CVE-2019-14232
GHSA-c4qh-4vgv-qc6g
PYSEC-2019-11
PYSEC-2019-81
Summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14232.html
rhas Moderate https://access.redhat.com/errata/RHSA-2020:1324
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4390
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json
epss 0.01486 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.01515 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.01926 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.01978 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.02119 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.02289 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.02368 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.02432 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.02619 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.03002 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.03082 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
epss 0.04243 https://api.first.org/data/v1/epss?cve=CVE-2019-14232
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1734405
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
cvssv3.1 3.7 https://docs.djangoproject.com/en/dev/releases/security
generic_textual MODERATE https://docs.djangoproject.com/en/dev/releases/security
generic_textual Medium https://docs.djangoproject.com/en/dev/releases/security/
cvssv3 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
cvssv3.1 7.5 https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
generic_textual HIGH https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
cvssv3.1 7.5 https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
generic_textual HIGH https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
cvssv3.1 7.5 https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
generic_textual HIGH https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
cvssv3.1 7.5 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
generic_textual HIGH https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
cvssv3.1 7.5 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
generic_textual HIGH https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2019-14232
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14232
cvssv3.1 7.5 https://seclists.org/bugtraq/2019/Aug/15
generic_textual HIGH https://seclists.org/bugtraq/2019/Aug/15
archlinux Medium https://security.archlinux.org/AVG-1015
cvssv3.1 8.8 https://security.gentoo.org/glsa/202004-17
generic_textual HIGH https://security.gentoo.org/glsa/202004-17
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20190828-0002
generic_textual HIGH https://security.netapp.com/advisory/ntap-20190828-0002
generic_textual Medium https://ubuntu.com/security/notices/USN-4084-1
cvssv3.1 7.5 https://www.debian.org/security/2019/dsa-4498
generic_textual HIGH https://www.debian.org/security/2019/dsa-4498
cvssv3.1 7.5 https://www.djangoproject.com/weblog/2019/aug/01/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2019/aug/01/security-releases
cvssv3.1 7.5 https://www.openwall.com/lists/oss-security/2023/10/04/6
generic_textual HIGH https://www.openwall.com/lists/oss-security/2023/10/04/6
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2023/10/04/6
generic_textual HIGH http://www.openwall.com/lists/oss-security/2023/10/04/6
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2024/03/04/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/03/04/1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14232.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json
https://api.first.org/data/v1/epss?cve=CVE-2019-14232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
https://docs.djangoproject.com/en/dev/releases/security
https://docs.djangoproject.com/en/dev/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW/
https://seclists.org/bugtraq/2019/Aug/15
https://security.gentoo.org/glsa/202004-17
https://security.netapp.com/advisory/ntap-20190828-0002
https://security.netapp.com/advisory/ntap-20190828-0002/
https://ubuntu.com/security/notices/USN-4084-1
https://www.debian.org/security/2019/dsa-4498
https://www.djangoproject.com/weblog/2019/aug/01/security-releases
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
https://www.openwall.com/lists/oss-security/2023/10/04/6
http://www.openwall.com/lists/oss-security/2023/10/04/6
http://www.openwall.com/lists/oss-security/2024/03/04/1
1734405 https://bugzilla.redhat.com/show_bug.cgi?id=1734405
934026 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
ASA-201908-2 https://security.archlinux.org/ASA-201908-2
AVG-1015 https://security.archlinux.org/AVG-1015
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVE-2019-14232 https://nvd.nist.gov/vuln/detail/CVE-2019-14232
GHSA-c4qh-4vgv-qc6g https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
RHSA-2020:1324 https://access.redhat.com/errata/RHSA-2020:1324
RHSA-2020:4390 https://access.redhat.com/errata/RHSA-2020:4390
USN-4084-1 https://usn.ubuntu.com/4084-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14232
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14232
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://seclists.org/bugtraq/2019/Aug/15
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202004-17
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20190828-0002
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2019/dsa-4498
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2019/aug/01/security-releases
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openwall.com/lists/oss-security/2023/10/04/6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2023/10/04/6
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/03/04/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.86523
EPSS Score 0.01486
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.