31 matches found
CVE-2026-31815
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modi...
simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2026-31815 via django-unicorn (>=0.50.0 <=0.59.0)
django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2026-31815 Source advisory: OSV:GHSA-FFV6-JJ46-X367...
django-unicorn affected by component state manipulation via unvalidated attribute access
Summary: Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. Vulnerability...
GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access
Summary: Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. Vulnerability...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: django-unicorn is a magical full-stack framework for Django. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via unvalidated attribute access within the action parsers that fail to enforce visibility...
simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2026-31815 via django-unicorn (>=0.50.0 <=0.59.0)
django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2026-31815 Source advisory: SNYK:PYTHON-DJANGOUNICORN-15518682...
CVE-2026-31815
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modi...
CVE-2026-31815
CVE-2026-31815 affects django-unicorn prior to 0.67.0. The issue stems from missing access control checks during property updates and method calls, allowing an attacker to bypass _is_public protection and modify internal attributes (e.g., template_name) or trigger protected methods. Fixed in 0.67...
CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modi...
CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modi...
CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modi...
PT-2026-24466
Name of the Vulnerable Software and Affected Versions: Unicorn versions prior to 0.67.0. Description: A flaw exists in django-unicorn that allows manipulation of component state due to insufficient access control checks when updating properties and calling methods. An attacker can bypass the intende...
CVE-2026-31815
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-09 10:58:20+00:00 | published-proof-of-concept | https://github.com/django-commons/django-unicorn/security/advisories/GHSA-ffv6-jj46-x367... |
EUVD-2025-0219
Malicious code in bioql PyPI...
CVE-2025-24370
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to a Python class pollution vulnerability. The vulnerability arises from the core functionality set_property_value, which can be remotely triggered by users by crafting...
Class Pollution
Django-Unicorn is vulnerable to Class Pollution. The vulnerability is due to improper handling of component requests due to the set_property_value function allowing remote users to manipulate its parameters, leading to arbitrary changes in the Python runtime, enabling XSS, DoS, and authentication...
Class Pollution
Overview: django-unicorn is a magical full-stack framework for Django. Affected versions of this package are vulnerable to Class Pollution in the set_property_value function. An attacker can manipulate the Python runtime environment and trigger unintended behaviors by providing malicious values i...
simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2025-24370 via django-unicorn (>=0.50.0 <=0.59.0)
django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2025-24370 Source advisory: SNYK:PYTHON-DJANGOUNICORN-8685541...
CVE-2025-24370
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to a Python class pollution vulnerability. The vulnerability arises from the core functionality set_property_value, which can be remotely triggered by users by crafting...
CVE-2025-24370 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to a Python class pollution vulnerability. The vulnerability arises from the core functionality set_property_value, which can be remotely triggered by users by crafting...