Vulnerability details: VCID-pyaf-bv24-aaah
Vulnerability ID VCID-pyaf-bv24-aaah
Aliases CVE-2019-14234
GHSA-6r97-cj55-9hrq
PYSEC-2019-13
PYSEC-2019-83
Summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14234.html
rhas Moderate https://access.redhat.com/errata/RHSA-2020:1324
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4390
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json
epss 0.00766 https://api.first.org/data/v1/epss?cve=CVE-2019-14234
epss 0.00768 https://api.first.org/data/v1/epss?cve=CVE-2019-14234
epss 0.00801 https://api.first.org/data/v1/epss?cve=CVE-2019-14234
epss 0.1887 https://api.first.org/data/v1/epss?cve=CVE-2019-14234
epss 0.19093 https://api.first.org/data/v1/epss?cve=CVE-2019-14234
epss 0.19463 https://api.first.org/data/v1/epss?cve=CVE-2019-14234
epss 0.19875 https://api.first.org/data/v1/epss?cve=CVE-2019-14234
epss 0.28841 https://api.first.org/data/v1/epss?cve=CVE-2019-14234
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1734417
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
cvssv3.1 3.7 https://docs.djangoproject.com/en/dev/releases/security
generic_textual MODERATE https://docs.djangoproject.com/en/dev/releases/security
generic_textual Medium https://docs.djangoproject.com/en/dev/releases/security/
cvssv3 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-6r97-cj55-9hrq
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 9.8 https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
generic_textual CRITICAL https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
cvssv3.1 9.8 https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
generic_textual CRITICAL https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
cvssv3.1 9.8 https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
generic_textual CRITICAL https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
cvssv3.1 9.8 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
cvssv3.1 7.5 https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
generic_textual HIGH https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
cvssv3.1 7.5 https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
generic_textual HIGH https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14234
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-14234
cvssv3.1 7.5 https://seclists.org/bugtraq/2019/Aug/15
generic_textual HIGH https://seclists.org/bugtraq/2019/Aug/15
archlinux Medium https://security.archlinux.org/AVG-1015
cvssv3.1 8.8 https://security.gentoo.org/glsa/202004-17
generic_textual HIGH https://security.gentoo.org/glsa/202004-17
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20190828-0002
generic_textual HIGH https://security.netapp.com/advisory/ntap-20190828-0002
generic_textual Medium https://ubuntu.com/security/notices/USN-4084-1
cvssv3.1 7.5 https://www.debian.org/security/2019/dsa-4498
generic_textual HIGH https://www.debian.org/security/2019/dsa-4498
cvssv3.1 7.5 https://www.djangoproject.com/weblog/2019/aug/01/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2019/aug/01/security-releases
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14234.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json
https://api.first.org/data/v1/epss?cve=CVE-2019-14234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
https://docs.djangoproject.com/en/dev/releases/security
https://docs.djangoproject.com/en/dev/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
https://seclists.org/bugtraq/2019/Aug/15
https://security.gentoo.org/glsa/202004-17
https://security.netapp.com/advisory/ntap-20190828-0002
https://security.netapp.com/advisory/ntap-20190828-0002/
https://ubuntu.com/security/notices/USN-4084-1
https://www.debian.org/security/2019/dsa-4498
https://www.djangoproject.com/weblog/2019/aug/01/security-releases
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
1734417 https://bugzilla.redhat.com/show_bug.cgi?id=1734417
934026 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
ASA-201908-2 https://security.archlinux.org/ASA-201908-2
AVG-1015 https://security.archlinux.org/AVG-1015
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
CVE-2019-14234 https://nvd.nist.gov/vuln/detail/CVE-2019-14234
GHSA-6r97-cj55-9hrq https://github.com/advisories/GHSA-6r97-cj55-9hrq
RHSA-2020:1324 https://access.redhat.com/errata/RHSA-2020:1324
RHSA-2020:4390 https://access.redhat.com/errata/RHSA-2020:4390
USN-4084-1 https://usn.ubuntu.com/4084-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14234
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14234
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://seclists.org/bugtraq/2019/Aug/15
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202004-17
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20190828-0002
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2019/dsa-4498
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2019/aug/01/security-releases
Exploit Prediction Scoring System (EPSS)
Percentile 0.81618
EPSS Score 0.00766
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.