Https://packages.altlinux.org/en/sisyphus/security/E755EF61A01D9F48798D9F6BEEBE39E9Security fix for the ALT Linux 10 package python3-module-django version 2.2.17-alt1
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.011 Low
EPSS
Percentile
82.3%
Dec. 11, 2020 Alexey Shabalin 2.2.17-alt1
- new version 2.2.17
- Fixes for the following security vulnerabilities:
+ CVE-2020-13254 Potential data leakage via malformed memcached keys
+ CVE-2020-13596 Possible XSS via admin ForeignKeyRawIdWidget
+ CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
+ CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.011 Low
EPSS
Percentile
82.3%