21 matches found
TencentOS Server 4: python-django (TSSA-2024:0158)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0158 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
openSUSE: Security Advisory for python (openSUSE-SU-2022:10103-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-django (FEDORA-2023-a53ab7c969)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-django (FEDORA-2023-8fed428c5e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : python-django (2023-8fed428c5e)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8fed428c5e advisory. Security fix for: - CVE-2023-24580 - CVE-2023-23969 - CVE-2022-41323 - CVE-2022-36359 - CVE-2022-34265 - CVE-2022-28346 - CVE-2022-28347...
Fedora 38 : python-django (2023-a53ab7c969)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a53ab7c969 advisory. Security fix for: - CVE-2023-24580 - CVE-2023-23969 - CVE-2022-41323 - CVE-2022-36359 - CVE-2022-34265 - CVE-2022-28346 - CVE-2022-28347...
[SECURITY] [DSA 5254-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5254-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 15, 2022 https://www.debian.org/security/faq -...
Security fix for the ALT Linux 10 package python3-module-django version 3.2.15-alt1
3.2.15-alt1 built Aug. 30, 2022 Alexey Shabalin in task 305627 Aug. 22, 2022 Alexey Shabalin - new version 3.2.15 - Fixes for the following security vulnerabilities: + CVE-2022-34265 Potential SQL injection via Trunckind and Extractlookupname arguments. + CVE-2022-36359 Potential reflected file...
openSUSE 15 Security Update : python-Django (openSUSE-SU-2022:10103-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10103-1 advisory. - An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a...
Security update for python-Django (important)
openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2022:10103-1 Rating: important References: 1201923 Cross-References: CVE-2022-36359 CVSS scores: CVE-2022-36359 NVD : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-36359 SUSE: 7.3...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +228 more potentially affected by CVE-2022-36359 +1 more via django (>=4.0.0 <=4.0.6)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =3.1.1, =3.6.4, =0.10.0, =1.1.2, =0.2.0, =0.6.1, =0.6.10 and more Source cves: CVE-2022-36359, CVE-2022-45442 Source advisory: OSV:GHSA-8X94-HMJH-97HQ...
a3m (=0.1.0), aa-fleet (>=1.0.0 <=1.1.0) +1477 more potentially affected by CVE-2022-36359 +1 more via django (>=1.10.0 <=3.2.14)
django PYPI version =1.10.0, =1.0.0, =1.4.0, =1.0.1a0, =1.1.12, =0.1.0a0, =0.1.0a0, =1.2.0a1, =1.3.0 and more Source cves: CVE-2022-36359, CVE-2022-45442 Source advisory: OSV:GHSA-8X94-HMJH-97HQ...
FreeBSD : Django -- multiple vulnerabilities (3b47104f-1461-11ed-a0c5-080027240888)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3b47104f-1461-11ed-a0c5-080027240888 advisory. - An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before...
Ubuntu 20.04 LTS / 22.04 LTS : Django vulnerability (USN-5549-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5549-1 advisory. It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or...
CVE-2022-36359
creationtimestamp| type| source ---|---|--- 2022-08-03 18:18:42+00:00| seen| https://t.me/cibsecurity/47490 2025-03-04 05:49:27+00:00| seen| https://gist.github.com/saburi-pp/237b36513b29209ae31133136478b20e...
CVE-2022-36359
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +228 more potentially affected by CVE-2022-36359 via django (>=4.0.0 <=4.0.6)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =3.1.1, =3.6.4, =0.10.0, =1.1.2, =0.2.0, =0.6.1, =0.6.10 and more Source cves: CVE-2022-36359 Source advisory: OSV:PYSEC-2022-245...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.4.3) +91 more potentially affected by CVE-2022-36359 via django (>=3.2.0 <=3.2.14)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =1.1.0, =21.3.0, =21.4.0 and more Source cves: CVE-2022-36359 Source advisory: OSV:PYSEC-2022-245...
CVE-2022-36359
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
CVE-2022-36359
The vulnerability CVE-2022-36359 affects the Django HTTP FileResponse class, with Django 3.2 before 3.2.15 and 4.0 before 4.0.7 vulnerable to a reflected file download (RFD) attack. The attack can occur when the filename is derived from user-supplied input, as it sets the Content-Disposition head...