Vulnerability details: VCID-xt1e-w2jw-aaaq
Vulnerability ID VCID-xt1e-w2jw-aaaq
Aliases BIT-2020-24584
BIT-django-2020-24584
CVE-2020-24584
GHSA-fr28-569j-53c4
PYSEC-2020-34
Summary An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24584.json
epss 0.00218 https://api.first.org/data/v1/epss?cve=CVE-2020-24584
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-24584
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2020-24584
epss 0.01608 https://api.first.org/data/v1/epss?cve=CVE-2020-24584
epss 0.10747 https://api.first.org/data/v1/epss?cve=CVE-2020-24584
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1874492
cvssv3.1 3.7 https://docs.djangoproject.com/en/dev/releases/security
cvssv3.1 7.5 https://docs.djangoproject.com/en/dev/releases/security
generic_textual MODERATE https://docs.djangoproject.com/en/dev/releases/security
generic_textual Medium https://docs.djangoproject.com/en/dev/releases/security/
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://github.com/advisories/GHSA-fr28-569j-53c4
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-fr28-569j-53c4
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fr28-569j-53c4
generic_textual MODERATE https://github.com/advisories/GHSA-fr28-569j-53c4
cvssv3.1 3.7 https://github.com/django/django
cvssv3.1 7.5 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 7.5 https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71
generic_textual HIGH https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71
generic_textual MODERATE https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71
cvssv3.1 7.5 https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b
generic_textual HIGH https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b
generic_textual MODERATE https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b
cvssv3.1 7.5 https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f
generic_textual HIGH https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f
generic_textual MODERATE https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f
cvssv3.1 7.5 https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
generic_textual HIGH https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
generic_textual MODERATE https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml
cvssv3.1 7.5 https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
generic_textual HIGH https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
generic_textual MODERATE https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
cvssv3.1 7.5 https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
generic_textual HIGH https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
generic_textual MODERATE https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-24584
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24584
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24584
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2020-24584
archlinux Medium https://security.archlinux.org/AVG-1217
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20200918-0004
generic_textual HIGH https://security.netapp.com/advisory/ntap-20200918-0004
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20200918-0004
cvssv3.1 7.5 https://usn.ubuntu.com/4479-1
generic_textual HIGH https://usn.ubuntu.com/4479-1
generic_textual MODERATE https://usn.ubuntu.com/4479-1
cvssv3.1 7.5 https://www.djangoproject.com/weblog/2020/sep/01/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2020/sep/01/security-releases
generic_textual MODERATE https://www.djangoproject.com/weblog/2020/sep/01/security-releases
cvssv3.1 7.5 https://www.openwall.com/lists/oss-security/2020/09/01/2
generic_textual HIGH https://www.openwall.com/lists/oss-security/2020/09/01/2
generic_textual MODERATE https://www.openwall.com/lists/oss-security/2020/09/01/2
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujan2021.html
cvssv3.1 9.8 https://www.oracle.com/security-alerts/cpujan2021.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujan2021.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpujan2021.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24584.json
https://api.first.org/data/v1/epss?cve=CVE-2020-24584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24584
https://docs.djangoproject.com/en/dev/releases/security
https://docs.djangoproject.com/en/dev/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71
https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b
https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f
https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml
https://groups.google.com/forum/#%21topic/django-announce/Gdqn58RqIDM
https://groups.google.com/forum/#%21topic/django-announce/zFCMdgUnutU
https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
https://security.netapp.com/advisory/ntap-20200918-0004
https://security.netapp.com/advisory/ntap-20200918-0004/
https://usn.ubuntu.com/4479-1
https://usn.ubuntu.com/4479-1/
https://www.djangoproject.com/weblog/2020/sep/01/security-releases
https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
https://www.openwall.com/lists/oss-security/2020/09/01/2
https://www.oracle.com/security-alerts/cpujan2021.html
1874492 https://bugzilla.redhat.com/show_bug.cgi?id=1874492
969367 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367
ASA-202009-4 https://security.archlinux.org/ASA-202009-4
AVG-1217 https://security.archlinux.org/AVG-1217
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVE-2020-24584 https://nvd.nist.gov/vuln/detail/CVE-2020-24584
GHSA-fr28-569j-53c4 https://github.com/advisories/GHSA-fr28-569j-53c4
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24584.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/advisories/GHSA-fr28-569j-53c4
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-24584
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-24584
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20200918-0004
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://usn.ubuntu.com/4479-1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.djangoproject.com/weblog/2020/sep/01/security-releases
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.openwall.com/lists/oss-security/2020/09/01/2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/security-alerts/cpujan2021.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2021.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.59522
EPSS Score 0.00218
Published At Dec. 27, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.