Lucene search
K

12 matches found

OSV
OSV
added 2019/01/09 11:29 p.m.21 views

CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...

6.5CVSS6.2AI score
Exploits0References8
Cvelist
Cvelist
added 2018/08/03 5:0 p.m.34 views

CVE-2018-14574

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect...

6.3AI score0.2549EPSS
Exploits0References6
OSV
OSV
added 2018/08/01 2:0 p.m.7 views

UBUNTU-CVE-2018-14574

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect...

6.1CVSS6.5AI score0.2549EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/08/01 12:0 a.m.5 views

PT-2018-2304 · Django Software Foundation +2 · Django +2

Name of the Vulnerable Software and Affected Versions: Django versions 1.11.x through 1.11.14 Django versions 2.0.x through 2.0.7 Description: The issue is related to an Open Redirect in the django.middleware.common.CommonMiddleware module of the Django framework. This occurs due to incorrect...

7.8CVSS6AI score0.62575EPSS
Exploits2References59
NVD
NVD
added 2018/03/09 8:29 p.m.17 views

CVE-2018-7536

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions only one regular expression for Django...

5.3CVSS5.5AI score0.04772EPSS
Exploits0References12
OSV
OSV
added 2018/03/09 8:29 p.m.29 views

CVE-2018-7537

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

5.3CVSS9.5AI score
Exploits0References7
Debian CVE
Debian CVE
added 2018/03/09 8:0 p.m.27 views

CVE-2018-7537

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

5.3CVSS5.5AI score0.0462EPSS
Exploits0
CVE
CVE
added 2018/03/09 12:0 a.m.539 views

CVE-2018-7536

CVE-2018-7536 affects Django: vulnerable in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The issue is a denial-of-service caused by catastrophic backtracking in two regular expressions used by django.utils.html.urlize() (one regex in 1.8.x). The urlize() function underpins...

5.3CVSS5.7AI score0.04772EPSS
Exploits0References12Affected Software1
Positive Technologies
Positive Technologies
added 2018/03/06 12:0 a.m.7 views

PT-2018-18141 · Django +1 · Django +1

Name of the Vulnerable Software and Affected Versions: Django versions 2.0 through 2.0.2 Django versions 1.11 through 1.11.10 Django versions 1.8 through 1.8.18 Description: An issue was discovered in the django.utils.html.urlize function, which was extremely slow to evaluate certain inputs due t...

9.8CVSS6.7AI score0.87218EPSS
Exploits29References125
Prion
Prion
added 2018/02/05 3:29 a.m.20 views

Input validation

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

5CVSS7.2AI score0.04897EPSS
Exploits0References3Affected Software2
AlpineLinux
AlpineLinux
added 2018/02/05 3:0 a.m.38 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS7.3AI score0.04897EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/02/04 12:0 a.m.26 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS6.8AI score0.04897EPSS
Exploits0References3
Rows per page
Query Builder