Django Rest Framework Security Vulnerabilities and Issues — Django Rest Framework CVE List

Lucene search

Django-rest-frameworkDjango Rest Framework

3 matches found

CVE•added 2022/07/23 2:15 a.m.•2113 views

CVE-2018-25045

Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.

6.1CVSS5.8AI score0.00123EPSS

CVE•added 2024/03/15 8:15 p.m.•2015 views

CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists becau...

5.3CVSS7.4AI score0.02473EPSS

CVE•added 2020/09/30 8:15 p.m.•200 views

CVE-2020-25626

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious [removed] tags...

6.1CVSS5.8AI score0.00828EPSS