2 matches found
CVE-2020-13254
Django CVE-2020-13254 affects Django 2.2 (before 2.2.13) and 3.0 (before 3.0.7). Root cause: memcached backends that do not validate keys can produce key collisions with malformed cache keys, enabling potential data leakage. Multiple upstream advisories (Arch Linux ASA-202006-8; Debian DSA-4705-1...
CVE-2020-13596
CVE-2020-13596 affects Django 2.2.x prior to 2.2.13 and 3.0.x prior to 3.0.7. The issue is an XSS vulnerability arising from query parameters generated by the admin ForeignKeyRawIdWidget not being properly URL encoded, enabling cross-site scripting. Several advisories note that upgrading Django t...