CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53 matches found

RedhatCVE•added 2019/10/04 10:18 p.m.•24 views

CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service CPU consumption via a crafted 1 EmailField email address or 2 URLField URL that triggers a large amount of backtracking in a regular...

5CVSS6.8AI score0.06201EPSS

Exploits0References3

Github Security Blog•added 2018/07/23 7:51 p.m.•29 views

Denial of service in django

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

5CVSS7.5AI score0.0188EPSS

Exploits0References13Affected Software1

OSV•added 2018/07/23 7:51 p.m.•30 views

GHSA-3JQW-CRQJ-W8QW Denial of service in django

8.7CVSS8AI score0.0188EPSS

Exploits0References14

GitLab Advisory Database•added 2018/07/23 12:0 a.m.•31 views

Denial of service in django

5CVSS8AI score0.0188EPSS

Exploits0References10Affected Software1

OSV•added 2013/10/04 5:55 p.m.•4 views

CVE-2013-4249

Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

5.4AI score

Exploits0References10

Prion•added 2013/10/04 5:55 p.m.•16 views

Cross site scripting

4.3CVSS6AI score0.00809EPSS

Exploits2References8Affected Software1

OSV•added 2013/10/04 5:55 p.m.•16 views

PYSEC-2013-19

4.3CVSS4.1AI score0.00809EPSS

Exploits2References8

seebug.org•added 2013/08/27 12:0 a.m.•52 views

Django is_safe_url() 跨站脚本和 URLField 脚本插入漏洞

CVECAN ID: CVE-2013-4249 Django是Python编程语言驱动的一个开源Web应用程序框架。 Django 1.4、1.5没有正确过滤django.contrib.admin的URLField字段、django.utils.http.issafeurl函数utils/http.py 的URL重定向相关输入没有被正确过滤，可被利用插入任意HTML和脚本代码，导致这些恶意代码被查看时，会在受影响站点上下文的浏览器会话中执行。 0 Django 1.4.x 厂商补丁： Django ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

4.3CVSS6.3AI score0.00809EPSS

Exploits2

Tenable Nessus•added 2011/10/31 12:0 a.m.•35 views

Debian DSA-2332-1 : python-django - several issues

Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework : - CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, ...

6.8CVSS5.7AI score0.0188EPSS

Exploits0References13

NVD•added 2011/10/19 10:55 a.m.•26 views

CVE-2011-4138

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

5CVSS6.5AI score0.00635EPSS

Exploits0References8

NVD•added 2011/10/19 10:55 a.m.•25 views

CVE-2011-4137

5CVSS8.8AI score0.0188EPSS

Exploits0References9

OSV•added 2011/10/19 10:55 a.m.•1 views

DEBIAN-CVE-2011-4137

5CVSS7AI score0.0188EPSS

Exploits0References1

OSV•added 2011/10/19 10:55 a.m.•6 views

CVE-2011-4138