2 matches found
PYSEC-2026-329 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
Summary: Django-Unicorn is vulnerable to Python class pollution, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality set_property_value, which can be remotely triggered by users by crafting appropriate component requests and feedi...
GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access
Summary: Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. Vulnerability...