23 matches found
EUVD-2023-0062
Malicious code in bioql PyPI...
CVE-2021-46898
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
openSUSE 15 Security Update : python-django-grappelli (openSUSE-SU-2024:0017-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0017-1 advisory. - views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith/ but this does not...
OPENSUSE-SU-2024:0017-1 Security update for python-django-grappelli
This update for python-django-grappelli fixes the following issues: Update to 2.14.4: - CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks boo1216481 - Fixed: Redirect with switch user. - Improved: Remove extra filtering in AutocompleteLookup. - Improved: Added impo...
Security update for python-django-grappelli (moderate)
openSUSE Security Update: Security update for python-django-grappelli Announcement ID: openSUSE-SU-2024:0017-1 Rating: moderate References: 1216481 Cross-References: CVE-2021-46898 CVSS scores: CVE-2021-46898 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE...
openSUSE 15 Security Update : python-django-grappelli (openSUSE-SU-2023:0384-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0384-1 advisory. - views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith/ but this does not...
OPENSUSE-SU-2023:0384-1 Security update for python-django-grappelli
This update for python-django-grappelli fixes the following issues: Update to 2.14.4: - CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks boo1216481 - Fixed: Redirect with switch user. - Improved: Remove extra filtering in AutocompleteLookup. - Improved: Added impo...
Security update for python-django-grappelli (moderate)
openSUSE Security Update: Security update for python-django-grappelli Announcement ID: openSUSE-SU-2023:0384-1 Rating: moderate References: 1216481 Cross-References: CVE-2021-46898 CVSS scores: CVE-2021-46898 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE...
SUSE CVE-2021-46898
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
GHSA-9X43-5QCQ-H79Q Django Grappelli Open Redirect vulnerability
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
django-filebrowser (=3.13.2), geonode (=3.3.3) +2 more potentially affected by CVE-2021-46898 via django-grappelli (>=2.10.1 <=2.15.1)
django-grappelli PYPI version =2.10.1, =6.5.0, =1.12.1, =1.13.0.dev10 Source cves: CVE-2021-46898 Source advisory: OSV:GHSA-9X43-5QCQ-H79Q...
Django Grappelli Open Redirect vulnerability
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
CVE-2021-46898
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
CVE-2021-46898
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
PYSEC-2023-211
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
PYSEC-2023-211
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
Xxe
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
django-filebrowser (=3.13.2), geonode (=3.3.3) +2 more potentially affected by CVE-2021-46898 via django-grappelli (>=2.10.1 <=2.15.1)
django-grappelli PYPI version =2.10.1, =6.5.0, =1.12.1, =1.13.0.dev10 Source cves: CVE-2021-46898 Source advisory: OSV:PYSEC-2023-211...
CVE-2021-46898
views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...
CVE-2021-46898
CVE-2021-46898 – django-grappelli protocol-relative URL redirect issue Affected component: views/switch.py in django-grappelli (also known as Django Grappelli) prior to version 2.15.2. The vulnerability arises from an approach that attempts to block external redirects using a startswith("/") chec...