CVE-2020-13254

Published: 03 Jun 2020
Source: debian
EPSS Low

Description

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python-django | fixed | 2:2.2.13-1 | | package |

Notes

  • https://www.openwall.com/lists/oss-security/2020/06/03/1

  • https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master)

  • https://github.com/django/django/commit/580bd64c0482ae9b7c05715390e25f4405a12719 (3.1 branch)

  • https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693 (3.0 branch)

  • https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch)

  • Regression https://code.djangoproject.com/ticket/31654

EPSS

Percentile: 92%
0.08918
Low

Related vulnerabilities

CVSS3: 5.9
ubuntu
about 5 years ago

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

CVSS3: 5.9
redhat
about 5 years ago

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

CVSS3: 5.9
nvd
about 5 years ago

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

CVSS3: 5.9
github
about 5 years ago

Data leakage via cache key collision in Django

CVSS3: 5.9
fstec
about 5 years ago

A vulnerability in the Django library, related to errors in the certificate authenticity verification procedure, that allows an attacker to gain unauthorized access to protected information
