CVE-2022-36359

🗓️ 03 Aug 2022 00:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 141 Views

An issue in Django 3.2 before 3.2.15 and 4.0 before 4.0.7 allows reflected file download attack via Content-Disposition header

Reporter	Title	Published	Views	Family All 115
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 3.2.15-alt1	30 Aug 202200:00	–	altlinux
FreeBSD	Django -- multiple vulnerabilities	1 Aug 202200:00	–	freebsd
AlpineLinux	CVE-2022-36359	3 Aug 202200:00	–	alpinelinux
Circl	CVE-2022-36359	3 Aug 202218:18	–	circl
CNNVD	Django 安全漏洞	3 Aug 202200:00	–	cnnvd
Cvelist	CVE-2022-36359	3 Aug 202200:00	–	cvelist
Debian	[SECURITY] [DSA 5254-1] python-django security update	15 Oct 202216:00	–	debian
Debian CVE	CVE-2022-36359	3 Aug 202200:00	–	debiancve
Tenable Nessus	Debian DSA-5254-1 : python-django - security update	16 Oct 202200:00	–	nessus
Tenable Nessus	Fedora 37 : python-django (2023-8fed428c5e)	28 Apr 202300:00	–	nessus

NVD

Node

djangoproject djangoRange3.2–3.2.15

OR

djangoproject djangoRange4.0–4.0.7

Node

debian debian_linuxMatch11.0

Source	Link
djangoproject	www.djangoproject.com/weblog/2022/aug/03/security-releases/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
docs	www.docs.djangoproject.com/en/4.0/releases/security/
groups	www.groups.google.com/g/django-announce/c/8cz--gvaJr4
openwall	www.openwall.com/lists/oss-security/2022/08/03/1
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
debian	www.debian.org/security/2022/dsa-5254
security	www.security.netapp.com/advisory/ntap-20220915-0008/

21 Nov 2024 07:12Current

8.3High risk

Vulners AI Score8.3

CVSS 3.18.8

EPSS0.0113

cve-2022-36359 http fileresponse django reflected file download attack rfd content-disposition security vulnerability