6 matches found
Security update for python-Django (important)
openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20937-1 Rating: important References: bsc1267576 bsc1267577 bsc1267578 bsc1267579 bsc1267580 Cross-References: CVE-2026-35193 CVE-2026-48587...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aa-altcorp (>=0.1.2b0 <=1.1.1) +1647 more potentially affected by CVE-2026-35193 via django (>=5.0.0 <=5.2.14)
django PYPI version =5.0.0, =0.0.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.11.1 and more Source cves: CVE-2026-35193 Source advisory: SNYK:PYTHON-DJANGO-17151780...
1zlab-emp-ide (=0.0.3), 1zlab-homepage (>=0.0.2 <=0.0.3) +11108 more potentially affected by CVE-2026-35193 via django (>=6.0.0 <=6.0.5)
django PYPI version =6.0.0, =0.0.2, =2.2.0, =0.1.0, =0.1.0.1, =0.1.1, =0.2.0, =0.0.4a0, =0.0.7, =0.1.10 and more Source cves: CVE-2026-35193 Source advisory: SNYK:PYTHON-DJANGO-17151780...
CVE-2026-35193
creationtimestamp| type| source ---|---|--- 2026-06-03 15:44:14+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mnfgymbjrd2e...
aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1421 more potentially affected by CVE-2026-35193 via django (>=5.2.0 <=5.2.14)
django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2026-35193 Source advisory: OSV:PYSEC-2026-197...
CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...