Lucene search

K

6 matches found

CVE
CVE
added 2020/03/05 3:15 p.m.164 views

CVE-2020-9402

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping...

8.8CVSS8.7AI score0.54189EPSS
CVE
CVE
added 2020/02/03 12:15 p.m.163 views

CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...

9.8CVSS9.5AI score0.07771EPSS
CVE
CVE
added 2020/06/03 2:15 p.m.146 views

CVE-2020-13254

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

5.9CVSS5.9AI score0.08918EPSS
CVE
CVE
added 2020/09/01 1:15 p.m.132 views

CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level ...

7.5CVSS7.3AI score0.0284EPSS
CVE
CVE
added 2020/09/01 1:15 p.m.132 views

CVE-2020-24584

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.

7.5CVSS7.3AI score0.01608EPSS
CVE
CVE
added 2020/06/03 2:15 p.m.130 views

CVE-2020-13596

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

6.1CVSS5.9AI score0.0108EPSS