Lucene search
K

192 matches found

OSV
OSV
added 2023/02/17 11:4 a.m.4 views

OESA-2023-1099 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/02/10 12:0 a.m.7 views

The vulnerability of the Django web application software platform, related to unlimited resource distribution, allows attackers to trigger service failures.

The vulnerability of the Django web application framework lies in the unlimited distribution of resources when processing the Accept-Language header. Exploiting this vulnerability can allow a remote attacker to cause service failures...

4.7CVSS6.9AI score0.47102EPSS
Exploits0References11Affected Software5
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.10 views

PT-2023-3407

Name of the Vulnerable Software and Affected Versions Django versions 3.2 through 3.2.18 Django versions 4.0 through 4.1.8 Django versions 4.2 through 4.2.0 Description The issue is related to insufficient input validation in the forms.FileField and forms.ImageField components of the Django web...

10CVSS6.7AI score0.0138EPSS
Exploits0References139
CNNVD
CNNVD
added 2022/08/03 12:0 a.m.6 views

Django 安全漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, a view system, a template system, and more. A security vulnerability exists in Django versions 3.2 prior to 3.2.15 and 4.0 prior to 4.0.7...

8.8CVSS7.8AI score0.00657EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/12 4:47 a.m.3 views

Django Extract and Trunc functions vulnerable to SQL injection

Overview Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerabilityCWE-89. Takuto Yoshikai of Aeye Security Lab reported this vulnerability to the developer and coordinated. Aft...

9.8CVSS7.8AI score0.73274EPSS
Exploits3References6
CNNVD
CNNVD
added 2022/07/04 12:0 a.m.12 views

Django SQL注入漏洞

Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes object-oriented mapper, view system, template system, etc. Django has a SQL injection vulnerability that can be exploited by attackers to send specially crafted SQL...

9.8CVSS8.5AI score0.73274EPSS
Exploits3References19
OSV
OSV
added 2022/05/11 11:3 a.m.5 views

OESA-2022-1642 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column...

9.8CVSS7.9AI score0.18516EPSS
Exploits3References3
Github Security Blog
Github Security Blog
added 2022/04/22 12:24 a.m.21 views

Cobbler Web Interface Lacks CSRF Protection

cobbler: Web interface lacks CSRF protection when using Django framework...

8.8CVSS7.2AI score0.0063EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/04/22 12:0 a.m.33 views

Cross-Site Request Forgery (CSRF)

cobbler: Web interface lacks CSRF protection when using Django framework...

8.8CVSS7.2AI score0.0063EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.39 views

django-mfa3 授权问题漏洞

django-mfa3 is a stubborn Django application that handles multi-factor authentication MFA via FIDO2, TOTP and recovery code. A security vulnerability exists in django-mfa3. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

8.8CVSS7.8AI score0.011EPSS
Exploits0References5
OSV
OSV
added 2022/04/11 8:0 a.m.3 views

UBUNTU-CVE-2022-28347

A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...

9.8CVSS7.2AI score0.02919EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.56 views

Django SQL注入漏洞

Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...

9.8CVSS8.5AI score0.18516EPSS
Exploits3References24
CNVD
CNVD
added 2022/03/08 12:0 a.m.11 views

Github spirit input validation error vulnerability

Github spirit is a Python-based forum built using the Django framework. github spirit is vulnerable to an input validation error, which stems from sending a request that results in an insecure redirect. No detailed vulnerability details are available at this time...

6.1CVSS1.5AI score0.0262EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/06 12:0 a.m.5 views

Github spirit 输入验证错误漏洞

Github spirit is a Python-based forum built using the Django framework. github spirit is vulnerable to an input validation error, which stems from sending a request that results in an insecure redirect. No detailed vulnerability details are available at this time...

6.1CVSS5.5AI score0.0262EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/02/04 12:0 a.m.7 views

The vulnerability of the Django web application framework, related to the lack of protection for website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Django web application framework is related to the lack of security measures for handling web page structures. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting attacks...

6.4CVSS6.6AI score0.03328EPSS
Exploits1References9Affected Software4
CNVD
CNVD
added 2022/01/16 12:0 a.m.38 views

Django Cross-Site Scripting Vulnerability (CNVD-2022-08043)

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. Django has a cross-site scripting vulnerability in version 3.7.3 that stems from not validating th...

5.4CVSS5.2AI score0.00617EPSS
Exploits1References1
OSV
OSV
added 2022/01/05 12:15 a.m.2 views

DEBIAN-CVE-2021-45115

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user...

7.5CVSS7.5AI score0.02397EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/04 12:0 a.m.5 views

Django 输入验证错误漏洞

Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes an object-oriented mapper, view system, template system, etc. A security vulnerability exists in Django versions 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1...

7.5CVSS5.6AI score0.01855EPSS
Exploits0References14
PyPA
PyPA
added 2021/12/08 12:15 a.m.7 views

PYSEC-2021-439

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

7.5CVSS6.9AI score0.02295EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/10/11 1:15 a.m.6 views

CVE-2021-42134

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053...

6.1CVSS6.4AI score0.00677EPSS
Exploits0References3
Rows per page
Query Builder