Vulnerability details: VCID-spub-8snt-aaaq
Vulnerability ID VCID-spub-8snt-aaaq
Aliases BIT-django-2023-43665
CVE-2023-43665
GHSA-h8gc-pgj2-vjm3
PYSEC-2023-226
Summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (5)
System Score Found at
cvssv3.1 6.3 https://access.redhat.com/errata/RHSA-2024:2010
ssvc Track https://access.redhat.com/errata/RHSA-2024:2010
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.01026 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.01054 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.01198 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.01557 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.01596 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.01836 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.01905 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2023-43665
cvssv3.1 5.9 https://docs.djangoproject.com/en/4.2/releases/security
cvssv3.1 7.5 https://docs.djangoproject.com/en/4.2/releases/security
generic_textual HIGH https://docs.djangoproject.com/en/4.2/releases/security
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
cvssv3.1 3.7 https://github.com/django/django
cvssv3.1 5.9 https://github.com/django/django
generic_textual HIGH https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 5.9 https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
generic_textual HIGH https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
generic_textual MODERATE https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
cvssv3.1 5.9 https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
generic_textual HIGH https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
generic_textual MODERATE https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
cvssv3.1 5.9 https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
generic_textual HIGH https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
generic_textual MODERATE https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
cvssv3.1 5.9 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
cvssv3.1 3.7 https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1 5.9 https://groups.google.com/forum/#%21forum/django-announce
generic_textual HIGH https://groups.google.com/forum/#%21forum/django-announce
generic_textual MODERATE https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1 5.9 https://groups.google.com/forum/#!forum/django-announce
cvssv3.1 7.5 https://groups.google.com/forum/#!forum/django-announce
generic_textual HIGH https://groups.google.com/forum/#!forum/django-announce
cvssv3.1 5.9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
cvssv3.1 5.3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
cvssv3.1 5.9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
cvssv3.1 5.9 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-43665
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2023-43665
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-43665
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-43665
cvssv3.1 5.9 https://security.netapp.com/advisory/ntap-20231221-0001
generic_textual HIGH https://security.netapp.com/advisory/ntap-20231221-0001
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20231221-0001
cvssv3.1 5.9 https://www.djangoproject.com/weblog/2023/oct/04/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2023/oct/04/security-releases
generic_textual MODERATE https://www.djangoproject.com/weblog/2023/oct/04/security-releases
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2024/03/04/1
cvssv3.1 5.9 http://www.openwall.com/lists/oss-security/2024/03/04/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/03/04/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2024/03/04/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
https://api.first.org/data/v1/epss?cve=CVE-2023-43665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
https://docs.djangoproject.com/en/4.2/releases/security
https://docs.djangoproject.com/en/4.2/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
https://groups.google.com/forum/#%21forum/django-announce
https://groups.google.com/forum/#!forum/django-announce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/
https://security.netapp.com/advisory/ntap-20231221-0001
https://security.netapp.com/advisory/ntap-20231221-0001/
https://www.djangoproject.com/weblog/2023/oct/04/security-releases
https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
http://www.openwall.com/lists/oss-security/2024/03/04/1
1053475 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475
2241046 https://bugzilla.redhat.com/show_bug.cgi?id=2241046
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2023-43665 https://nvd.nist.gov/vuln/detail/CVE-2023-43665
GHSA-h8gc-pgj2-vjm3 https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
RHSA-2023:5758 https://access.redhat.com/errata/RHSA-2023:5758
RHSA-2023:6158 https://access.redhat.com/errata/RHSA-2023:6158
RHSA-2024:1878 https://access.redhat.com/errata/RHSA-2024:1878
RHSA-2024:2010 https://access.redhat.com/errata/RHSA-2024:2010
USN-6414-1 https://usn.ubuntu.com/6414-1/
USN-6414-2 https://usn.ubuntu.com/6414-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:2010
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:15:00Z/ Found at https://access.redhat.com/errata/RHSA-2024:2010
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://docs.djangoproject.com/en/4.2/releases/security
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://docs.djangoproject.com/en/4.2/releases/security
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/forum/#%21forum/django-announce
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#%21forum/django-announce
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/django-announce
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/django-announce
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-43665
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-43665
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-43665
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20231221-0001
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2023/oct/04/security-releases
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/03/04/1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/03/04/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.51716
EPSS Score 0.00149
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.