6 matches found
Debian DSA-5186-1 : djangorestframework - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-5186 advisory. Two cross-site scripting vulnerabilities were discovered in the Django Rest Framework, a toolkit to build web APIs. For the oldstable distribution buster, this problem has...
openSUSE: Security Advisory for python-djangorestframework (openSUSE-SU-2021:0322-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
alcali (>=2018.3.1 <=3000.1.0), atlantisbot-api (>=0.1.0 <=0.1.1) +131 more potentially affected by CVE-2020-25626 via djangorestframework (>=2.3.13 <=3.11.1)
djangorestframework PYPI version =2.3.13, =2018.3.1, =0.1.0, =3.5.34, =0.0.1, =0.0.1, =5.2.1, =0.3.1, =1.0.1, =0.0.1, =0.4.0, =0.0.1, =0.3.0b2, =0.7.0 and more Source cves: CVE-2020-25626 Source advisory: OSV:GHSA-FX83-3PH3-9J2Q...
openSUSE Security Update : python-djangorestframework (openSUSE-2021-322)
This update for python-djangorestframework fixes the following issues : Update to 3.11.2 - Security: Drop urlizequotedlinks template tag in favour of Django's built-in urlize. Removes a XSS vulnerability for some kinds of content in the browsable API. boo1177205, CVE-2020-25626 - update Django fo...
Security update for python-djangorestframework (important)
openSUSE Security Update: Security update for python-djangorestframework Announcement ID: openSUSE-SU-2021:0322-1 Rating: important References: 1177205 Cross-References: CVE-2020-25626 CVSS scores: CVE-2020-25626 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-25626 SUSE: 7.1...
CVE-2020-25626
CVE-2020-25626 affects Django REST Framework (DRF) with versions prior to 3.12.0 and prior to 3.11.2. The flaw is an improper escape of certain user-controlled strings in the browseable API viewer, allowing injection of script tags (XSS). Impact is limited to cases where attackers can influence t...