68 matches found
Simple JWT Security Vulnerability
Simple JWT is Jazzband's open source JSON Web Token authentication plugin for Django REST Framework. Simple JWT 5.3.1 and earlier versions have a security vulnerability that stems from the lack of user authentication checks through the for_user method. An attacker can explo...
K11818407: REST Framework vulnerability CVE-2019-6602
Security Advisory Description The Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6602 Impact BIG-IP The Configuration utility login page returns an inconsistent HTTP response when processing modified requests; this may provide...
SUSE CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
SUSE CVE-2020-25626
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
abaci-users (=0.1.0), burl (=1.0.0) +80 more potentially affected by CVE-2018-25045 via django-rest-framework (=0.1.0)
django-rest-framework PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on django-rest-framework and may be impacted: - abaci-users =0.1.0 - burl =1.0.0 - coopstarter-data =0.1.1, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.4, =0.5.0,...
Django REST framework XSS Vulnerability
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
DEBIAN-CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
Cross site scripting
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
UBUNTU-CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
CVE-2018-25045
Django REST framework (django-rest-framework) before 3.9.1 is vulnerable to cross-site scripting (XSS) because the default Browsable API templates disable autoescaping. This causes unescaped content to be rendered in the Browsable API UI, enabling potential script injection when user-supplied dat...
CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
Django Cross-Site Scripting Vulnerability
Django is an open source Web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django REST framework versions prior to 3.9.1 that stems from...
[SECURITY] [DSA 5186-1] djangorestframework security update
Debian Security Advisory DSA-5186-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 22, 2022 https://www.debian.org/security/faq ...
Cross-site Scripting (XSS) in Django REST Framework
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
GHSA-FX83-3PH3-9J2Q Cross-site Scripting (XSS) in Django REST Framework
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
Cross-Site Scripting
Django-Rest-Framework, before 3.9.1, has an XSS vulnerability caused by disabled autoescaping in the default DRF Browsable API view templates...