7.5 High (CVSS3)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5.8 Medium (CVSS2)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
July 15, 2019 Alexey Shabalin 2.2.3-alt1
- 2.2.3
- build python3 only
- rename package to python3-module-django2.2
- Fixes for the following security vulnerabilities:
  + CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS
  + CVE-2019-12308 AdminURLFieldWidget XSS
  + CVE-2019-6975 Memory exhaustion in django.utils.numberformat.format()
  + CVE-2019-3498 Content spoofing possibility in the default 404 page
  + CVE-2018-16984 Password hash disclosure to view only admin users
  + CVE-2018-14574 Open redirect possibility in CommonMiddleware
  + CVE-2018-7536 Denial-of-service possibility in urlize and urlizetrunc template filters
  + CVE-2018-7537 Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
  + CVE-2018-6188 Information leakage in AuthenticationForm