Vulnerability details: VCID-pm6s-x7r5-aaak
Vulnerability ID VCID-pm6s-x7r5-aaak
Aliases CVE-2019-19844
GHSA-vfq6-hq5r-27r6
PYSEC-2019-16
PYSEC-2019-86
Summary Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3.1 9.8 http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
generic_textual CRITICAL http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
generic_textual High http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19844.html
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json
epss 0.12612 https://api.first.org/data/v1/epss?cve=CVE-2019-19844
epss 0.15456 https://api.first.org/data/v1/epss?cve=CVE-2019-19844
epss 0.21488 https://api.first.org/data/v1/epss?cve=CVE-2019-19844
epss 0.22520 https://api.first.org/data/v1/epss?cve=CVE-2019-19844
epss 0.25327 https://api.first.org/data/v1/epss?cve=CVE-2019-19844
epss 0.45753 https://api.first.org/data/v1/epss?cve=CVE-2019-19844
epss 0.45832 https://api.first.org/data/v1/epss?cve=CVE-2019-19844
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=1788425
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
cvssv3.1 3.7 https://docs.djangoproject.com/en/dev/releases/security
generic_textual MODERATE https://docs.djangoproject.com/en/dev/releases/security
generic_textual Medium https://docs.djangoproject.com/en/dev/releases/security/
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-vfq6-hq5r-27r6
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 9.8 https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
generic_textual CRITICAL https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
cvssv3.1 9.8 https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
generic_textual CRITICAL https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
cvssv3.1 9.8 https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
generic_textual CRITICAL https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
cvssv3.1 9.8 https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
generic_textual CRITICAL https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
cvssv3.1 9.8 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
cvssv3.1 9.8 https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
generic_textual CRITICAL https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
generic_textual CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2019-19844
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19844
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19844
cvssv3.1 9.8 https://seclists.org/bugtraq/2020/Jan/9
generic_textual CRITICAL https://seclists.org/bugtraq/2020/Jan/9
archlinux High https://security.archlinux.org/AVG-1080
cvssv3.1 8.8 https://security.gentoo.org/glsa/202004-17
generic_textual HIGH https://security.gentoo.org/glsa/202004-17
cvssv3.1 9.8 https://security.netapp.com/advisory/ntap-20200110-0003
generic_textual CRITICAL https://security.netapp.com/advisory/ntap-20200110-0003
generic_textual High https://ubuntu.com/security/notices/USN-4224-1
cvssv3.1 9.8 https://usn.ubuntu.com/4224-1
generic_textual CRITICAL https://usn.ubuntu.com/4224-1
generic_textual High https://usn.ubuntu.com/usn/usn-4224-1
cvssv3.1 9.8 https://www.debian.org/security/2020/dsa-4598
generic_textual CRITICAL https://www.debian.org/security/2020/dsa-4598
cvssv3.1 9.8 https://www.djangoproject.com/weblog/2019/dec/18/security-releases
generic_textual CRITICAL https://www.djangoproject.com/weblog/2019/dec/18/security-releases
generic_textual High https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
Reference id Reference type URL
http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19844.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json
https://api.first.org/data/v1/epss?cve=CVE-2019-19844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
https://docs.djangoproject.com/en/dev/releases/security
https://docs.djangoproject.com/en/dev/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
https://groups.google.com/forum/#%21topic/django-announce/3oaB2rVH3a0
https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
https://seclists.org/bugtraq/2020/Jan/9
https://security.gentoo.org/glsa/202004-17
https://security.netapp.com/advisory/ntap-20200110-0003
https://security.netapp.com/advisory/ntap-20200110-0003/
https://ubuntu.com/security/notices/USN-4224-1
https://usn.ubuntu.com/4224-1
https://usn.ubuntu.com/4224-1/
https://usn.ubuntu.com/usn/usn-4224-1
https://www.debian.org/security/2020/dsa-4598
https://www.djangoproject.com/weblog/2019/dec/18/security-releases
https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
1788425 https://bugzilla.redhat.com/show_bug.cgi?id=1788425
946937 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937
AVG-1080 https://security.archlinux.org/AVG-1080
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:3.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
CVE-2019-19844 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md
CVE-2019-19844 https://nvd.nist.gov/vuln/detail/CVE-2019-19844
CVE-2019-19844 Exploit https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
GHSA-vfq6-hq5r-27r6 https://github.com/advisories/GHSA-vfq6-hq5r-27r6
USN-6722-1 https://usn.ubuntu.com/6722-1/
Data source Exploit-DB
Date added Jan. 6, 2020
Description Django < 3.0 < 2.2 < 1.11 - Account Hijack
Ransomware campaign use Known
Source publication date Dec. 24, 2019
Exploit type webapps
Platform python
Source update date April 13, 2020
Source URL https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19844
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19844
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://seclists.org/bugtraq/2020/Jan/9
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202004-17
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20200110-0003
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4224-1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2020/dsa-4598
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.djangoproject.com/weblog/2019/dec/18/security-releases
Exploit Prediction Scoring System (EPSS)
Percentile 0.93577
EPSS Score 0.12612
Published At June 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.