Lucene search
Redhat.comRH:CVE-2024-21520HistoryJun 27, 2024 - 4:22 a.m.
CVE-2024-21520
2024-06-2704:22:25
redhat.com
access.redhat.com
1
djangorestframework
cross-site scripting
xss
break_long_headers
input sanitization
improper
tags
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
15.7%
A vulnerability was found in the djangorestframework package. Cross-site scripting occurs via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags.
Related
nvd
nvd
CVE-2024-21520
2024-06-26 05:15:50
osv
osv
Cross-site Scripting in djangorestframework
2024-06-26 06:30:29
CVE-2024-21520
2024-06-26 05:15:50
debiancve
debiancve
CVE-2024-21520
2024-06-26 05:15:50
cvelist
cvelist
CVE-2024-21520
2024-06-26 05:00:02
vulnrichment
vulnrichment
CVE-2024-21520
2024-06-26 05:00:02
github
github
Cross-site Scripting in djangorestframework
2024-06-26 06:30:29
cve
cve
CVE-2024-21520
2024-06-26 05:15:50
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
15.7%
Related for RH:CVE-2024-21520