Vulnerability details: VCID-ucbd-zk38-aaae
Vulnerability ID VCID-ucbd-zk38-aaae
Aliases BIT-2023-36053
BIT-django-2023-36053
CVE-2023-36053
GHSA-jh3w-4vvf-mjgr
PYSEC-0000-CVE-2023-36053
PYSEC-2023-100
Summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 5.4 https://access.redhat.com/errata/RHSA-2023:6818
ssvc Track https://access.redhat.com/errata/RHSA-2023:6818
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json
epss 0.00203 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.01709 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.01854 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.02692 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.02916 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.02994 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.03892 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.12055 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
epss 0.21087 https://api.first.org/data/v1/epss?cve=CVE-2023-36053
cvssv3.1 7.5 https://docs.djangoproject.com/en/4.2/releases/security
generic_textual HIGH https://docs.djangoproject.com/en/4.2/releases/security
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 7.5 https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
generic_textual HIGH https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
cvssv3.1 7.5 https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
generic_textual HIGH https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
cvssv3.1 7.5 https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
generic_textual HIGH https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
cvssv3.1 7.5 https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
generic_textual HIGH https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
cvssv3.1 3.7 https://groups.google.com/forum/#%21forum/django-announce
generic_textual MODERATE https://groups.google.com/forum/#%21forum/django-announce
cvssv3.1 7.5 https://groups.google.com/forum/#!forum/django-announce
generic_textual HIGH https://groups.google.com/forum/#!forum/django-announce
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-36053
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-36053
cvssv3.1 7.5 https://www.debian.org/security/2023/dsa-5465
generic_textual HIGH https://www.debian.org/security/2023/dsa-5465
cvssv3.1 7.5 https://www.djangoproject.com/weblog/2023/jul/03/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2023/jul/03/security-releases
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json
https://api.first.org/data/v1/epss?cve=CVE-2023-36053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053
https://docs.djangoproject.com/en/4.2/releases/security
https://docs.djangoproject.com/en/4.2/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
https://groups.google.com/forum/#%21forum/django-announce
https://groups.google.com/forum/#!forum/django-announce
https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/
https://www.debian.org/security/2023/dsa-5465
https://www.djangoproject.com/weblog/2023/jul/03/security-releases
https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
1040225 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225
2218004 https://bugzilla.redhat.com/show_bug.cgi?id=2218004
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-36053 https://nvd.nist.gov/vuln/detail/CVE-2023-36053
GHSA-jh3w-4vvf-mjgr https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
RHSA-2023:4692 https://access.redhat.com/errata/RHSA-2023:4692
RHSA-2023:4693 https://access.redhat.com/errata/RHSA-2023:4693
RHSA-2023:5931 https://access.redhat.com/errata/RHSA-2023:5931
RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
RHSA-2024:0212 https://access.redhat.com/errata/RHSA-2024:0212
RHSA-2024:1878 https://access.redhat.com/errata/RHSA-2024:1878
USN-6203-1 https://usn.ubuntu.com/6203-1/
USN-6203-2 https://usn.ubuntu.com/6203-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:6818
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-11T19:42:07Z/ Found at https://access.redhat.com/errata/RHSA-2023:6818
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://docs.djangoproject.com/en/4.2/releases/security
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://groups.google.com/forum/#%21forum/django-announce
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/django-announce
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36053
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5465
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2023/jul/03/security-releases
Exploit Prediction Scoring System (EPSS)
Percentile 0.59212
EPSS Score 0.00203
Published At Dec. 13, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.