7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
59.9%
A vulnerability in the Django web application framework is related to excessive data output by the application during the
processing error conditions. Exploitation of the vulnerability could allow an attacker acting remotely,
to obtain sensitive system information.
Django web application framework vulnerability is related to incorrect path name restriction
to a restricted directory (“path traversal”). Exploitation of the vulnerability could allow an attacker acting
remotely, pass a specially crafted HTTP filename to the application and write the file outside the intended
directory.
The vulnerability in the Django web application framework is related to a resource management error in evaluating the
sent password. Exploitation of the vulnerability could allow an attacker, acting remotely,
to send a specially crafted password to an application and perform a denial of service (DoS) attack.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | python3-django | <= 3.2.11-1 | UNKNOWN |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
59.9%