3 matches found
DEBIAN-CVE-2022-36359
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
PYSEC-2022-245
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...
PT-2022-7209
Name of the Vulnerable Software and Affected Versions Django versions 3.2 through 3.2.14 Django versions 4.0 through 4.0.6 Description An issue was discovered in the HTTP FileResponse class. The application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition...