VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-g3n7-gan2-aaap

Essentials
Severities (134)
References (43)
Severity details (44)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-g3n7-gan2-aaap
Aliases	CVE-2015-8213 GHSA-6wcr-wcqm-3mfh PYSEC-2015-11
Summary	The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	2.8	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
cvssv3.1	2.8	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
cvssv3.1	2.8	http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
cvssv3.1	2.8	http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8213.html
cvssv3.1	2.8	http://rhn.redhat.com/errata/RHSA-2016-0129.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2016-0129.html
cvssv3.1	2.8	http://rhn.redhat.com/errata/RHSA-2016-0156.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2016-0156.html
cvssv3.1	2.8	http://rhn.redhat.com/errata/RHSA-2016-0157.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2016-0157.html
cvssv3.1	2.8	http://rhn.redhat.com/errata/RHSA-2016-0158.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2016-0158.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0129
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0156
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0157
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0158
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0360
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00727	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00769	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00769	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00769	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.00769	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.02011	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.02962	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
epss	0.03006	https://api.first.org/data/v1/epss?cve=CVE-2015-8213
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1283553
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8213
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-6wcr-wcqm-3mfh
cvssv3.1	3.7	https://github.com/django/django
generic_textual	MODERATE	https://github.com/django/django
cvssv3.1	2.8	https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
generic_textual	MODERATE	https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
cvssv3.1	2.8	https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
generic_textual	MODERATE	https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
cvssv3.1	2.8	https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
generic_textual	MODERATE	https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
cvssv3.1	2.8	https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
generic_textual	MODERATE	https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
cvssv3.1	2.8	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2015-8213
generic_textual	Medium	https://ubuntu.com/security/notices/USN-2816-1
cvssv3.1	2.8	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
generic_textual	MODERATE	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
generic_textual	Medium	https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
cvssv3.1	2.8	http://www.debian.org/security/2015/dsa-3404
generic_textual	MODERATE	http://www.debian.org/security/2015/dsa-3404
cvssv3.1	2.8	http://www.securityfocus.com/bid/77750
generic_textual	MODERATE	http://www.securityfocus.com/bid/77750
cvssv3.1	2.8	http://www.securitytracker.com/id/1034237
generic_textual	MODERATE	http://www.securitytracker.com/id/1034237
cvssv3.1	2.8	http://www.ubuntu.com/usn/USN-2816-1
generic_textual	MODERATE	http://www.ubuntu.com/usn/USN-2816-1

Reference id	Reference type	URL
		http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
		http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
		http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
		http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
		http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8213.html
		http://rhn.redhat.com/errata/RHSA-2016-0129.html
		http://rhn.redhat.com/errata/RHSA-2016-0156.html
		http://rhn.redhat.com/errata/RHSA-2016-0157.html
		http://rhn.redhat.com/errata/RHSA-2016-0158.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8213.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-8213
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8213
		https://github.com/django/django
		https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
		https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da
		https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
		https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991
		https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml
		https://ubuntu.com/security/notices/USN-2816-1
		https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued
		https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
		http://www.debian.org/security/2015/dsa-3404
		http://www.securityfocus.com/bid/77750
		http://www.securitytracker.com/id/1034237
		http://www.ubuntu.com/usn/USN-2816-1
1283553		https://bugzilla.redhat.com/show_bug.cgi?id=1283553
cpe:2.3:a:djangoproject:django::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django::::::::
cpe:2.3:a:djangoproject:django:1.8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:::::::*
cpe:2.3:a:djangoproject:django:1.8.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.1:::::::*
cpe:2.3:a:djangoproject:django:1.8.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.2:::::::*
cpe:2.3:a:djangoproject:django:1.8.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.3:::::::*
cpe:2.3:a:djangoproject:django:1.8.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.4:::::::*
cpe:2.3:a:djangoproject:django:1.8.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.5:::::::*
cpe:2.3:a:djangoproject:django:1.8.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.6:::::::*
cpe:2.3:a:djangoproject:django:1.9.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.0:rc1::::::
CVE-2015-8213		https://nvd.nist.gov/vuln/detail/CVE-2015-8213
GHSA-6wcr-wcqm-3mfh		https://github.com/advisories/GHSA-6wcr-wcqm-3mfh
RHSA-2016:0129		https://access.redhat.com/errata/RHSA-2016:0129
RHSA-2016:0156		https://access.redhat.com/errata/RHSA-2016:0156
RHSA-2016:0157		https://access.redhat.com/errata/RHSA-2016:0157
RHSA-2016:0158		https://access.redhat.com/errata/RHSA-2016:0158
RHSA-2016:0360		https://access.redhat.com/errata/RHSA-2016:0360
USN-2816-1		https://usn.ubuntu.com/2816-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0129.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0156.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0157.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0158.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/django/django/commit/3ebbda0aef9e7a90ac6208bb8f9bc21228e2c7da

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-11.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-8213

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://www.debian.org/security/2015/dsa-3404

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://www.securityfocus.com/bid/77750

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://www.securitytracker.com/id/1034237

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at http://www.ubuntu.com/usn/USN-2816-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.81076
EPSS Score	0.00727
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.