68 matches found
CVE-2020-25626
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
CVE-2020-25626
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
CVE-2020-25626
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
Cross site scripting
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
PYSEC-2020-263
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious...
UBUNTU-CVE-2020-25626
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
PYSEC-2020-263
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
CVE-2020-25626
CVE-2020-25626 affects Django REST Framework (DRF) with versions prior to 3.12.0 and prior to 3.11.2. The flaw is an improper escape of certain user-controlled strings in the browseable API viewer, allowing injection of script tags (XSS). Impact is limited to cases where attackers can influence t...
CVE-2020-25626
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
CVE-2020-25626
A flaw was found in the Django REST Framework. When using the browseable API viewer, the Django REST Framework fails to properly escape certain strings that come from user input. This flaw allows a user to control those strings to inject malicious...
PT-2020-16135 · Django +1 · Django Rest Framework +1
Name of the Vulnerable Software and Affected Versions: Django REST Framework versions prior to 3.12.0 Django REST Framework versions prior to 3.11.2 Description: A flaw in Django REST Framework allows for a cross-site-scripting XSS issue when using the browseable API viewer. The framework fails t...
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
GHSA-FPJM-RP2G-3R4C Django Rest Framework jwt allows obtaining new token from notionally invalidated token
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
drf-jwt Authorization Issues Vulnerability
drf-jwt is a JSON Web Token Authentication support package for the Django REST Framework. An authorization issue vulnerability exists in drf-jwt version 1.15.x prior to 1.15.1, which stems from an incompatibility between the blacklist protection mechanism and the token refresh feature, and can be...
CVE-2020-10594
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
CVE-2020-10594
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
Design/Logic Flaw
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
PYSEC-2020-40
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
F5 Networks BIG-IP : REST Framework vulnerability (K11818407)
The Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6602 Impact BIG-IP The Configuration utility login page returns an inconsistent HTTP response when processing modified requests; this may provide clues to an attacker looking to...
JWT_AUTH_COOKIE Vulnerable To CSRF Attacks
django-rest-framework-jst creates a JWT token, JWTAUTHCOOKIE, which is vulnerable to cross-site request forgery CSRF attacks. When using django.middleware.csrf.CsrfViewMiddleware the Django framework will typically generate a secured CSRF token and ensure that it is validated upon submission of a...