6 matches found

Github Security Blog
added 2022/04/13 12:00 a.m. · 43 views

SQL Injection in Django

A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...

CVSS 9.8 · AI score 9.5 · EPSS 0.02919
Exploits 0 · References 14 · Affected Software 1
OSV
added 2022/01/05 12:15 a.m. · 1 view

DEBIAN-CVE-2021-45452

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it...

CVSS 5.3 · AI score 6.5 · EPSS 0.02388
Exploits 0 · References 1
Positive Technologies
added 2021/04/01 12:00 a.m. · 8 views

PT-2021-4594 · Django +4

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.20; Django versions 3.0 before 3.0.14; Django versions 3.1 before 3.1.8. Description: The issue is related to the MultiPartParser component in Django, which has a directory path restriction flaw. This flaw can be...

CVSS 9.8 · AI score 6.9 · EPSS 0.99856
Exploits 15 · References 137
OSV
added 2020/06/05 4:20 p.m. · 3 views

GHSA-WPJR-J57X-WXFW Data leakage via cache key collision in Django

An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage...

CVSS 8.2 · AI score 6.8 · EPSS 0.06041
Exploits 0 · References 16
PyPA
added 2019/08/02 3:15 p.m. · 8 views

PYSEC-2019-11

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

CVSS 7.5 · AI score 7 · EPSS 0.03502
Exploits 0 · References 11 · Affected Software 1
OSV
added 2019/06/03 5:29 p.m. · 5 views

PYSEC-2019-9

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

AI score 5.9
Exploits 0 · References 17