Lucene search

Veracode Vulnerability DatabaseVERACODE:47774

HistoryJun 27, 2024 - 6:40 a.m.

Cross-site Scripting (XSS)

2024-06-2706:40:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

djangorestframework

input sanitization

malicious scripts

header processing

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

JSON

djangorestframework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization via the break_long_headers template filter. This allows an attacker to inject malicious scripts by exploiting the improper santization in the header processing.

CPENameOperatorVersion
djangorestframeworkle3.15.1
djangorestframeworkle3.15.1

CPE	Name	Operator	Version
	djangorestframework	le	3.15.1
	djangorestframework	le	3.15.1

References

github.com/advisories/GHSA-gw84-84pc-xp82

github.com/encode/django-rest-framework/commit/3b41f0124194430da957b119712978fa2266b642

github.com/encode/django-rest-framework/compare/3.15.1...3.15.2

github.com/encode/django-rest-framework/pull/9435

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

JSON

Related for VERACODE:47774