
4 matches found

vulnersOsv
added 2024/10/08 6:33 p.m., 0 views

django-blocklist (>=2.7.0 <=2.8.0), django-etf-api (=0.1.0) +12 more potentially affected by CVE-2024-45231 via django (>=5.1.0 <=5.1.0rc1)

django PYPI version =5.1.0, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.0.0, =0.3.19, =0.1.1, =0.91.0, =2.6.0b0, =2.6.0b2 Source cves: CVE-2024-45231 Source advisory: OSV:GHSA-RRQC-C2JX-6JGV...

CVSS 5.3 | AI score 6.7 | EPSS 0.00235
Exploits: 0
vulnersOsv
added 2024/10/08 4:15 p.m., 0 views

django-blocklist (>=2.7.0 <=2.8.0), django-etf-api (=0.1.0) +12 more potentially affected by CVE-2024-45230 via django (>=5.1.0 <=5.1.0rc1)

django PYPI version =5.1.0, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.0.0, =0.3.19, =0.1.1, =0.91.0, =2.6.0b0, =2.6.0b2 Source cves: CVE-2024-45230 Source advisory: OSV:PYSEC-2024-102...

CVSS 7.5 | AI score 6.8 | EPSS 0.02254
Exploits: 0
Veracode
added 2023/08/17 3:9 a.m., 17 views

Cross-site Scripting (XSS)

scancodeio is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of sanitization in the key parameter of licenses.py, which allows an attacker to inject and execute malicious JavaScript through the /license/ endpoint...

CVSS 6.1 | AI score 6.5 | EPSS 0.00592
Exploits: 1 | References: 5 | Affected Software: 1
Veracode
added 2023/08/09 3:1 a.m., 14 views

Command Injection

scancodeio is vulnerable to Command Injection. The vulnerability exists due to the lack of validation in the dockerreference parameter of the fetchdockerimage function of fetch.py, which allows an attacker to append malicious commands through the docker fetch process...

CVSS 8.8 | AI score 7 | EPSS 0.01643
Exploits: 1 | References: 5 | Affected Software: 1