exploitDog

CVE-2020-13596

Published: 03 Jun 2020
Source: debian

Description

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
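The defect class described above, shown as an added example that is not Django's own code: a related-lookup URL is built from lookup parameters once by verbatim string concatenation (the pre-fix pattern) and once with urlencode() (the post-fix pattern), then dropped into an href attribute the way a template would. The base URL, the parameter names and the markup-bearing value are constructed sample data assumed for illustration; the is_affected() helper encodes only the version ranges stated in this advisory.

```python
"""CVE-2020-13596 illustrated: building an admin widget's related-lookup URL
with and without URL encoding (standalone example, not Django's own code)."""
import re
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample data, assumed for illustration only.
RELATED_URL = "/admin/app/author/"
SAFE_PARAMS = {"is_active__exact": "1", "name__startswith": "A&B"}
# A lookup value carrying markup; it only reaches the widget if the values
# feeding the lookup parameters come from untrusted input.
MARKUP_PARAMS = {"name__startswith": '"><script>alert(1)</script>'}


def related_url_unencoded(base, params):
    """Pre-fix pattern: keys and values concatenated verbatim into the query."""
    if not params:
        return base
    return base + "?" + "&".join("%s=%s" % (k, v) for k, v in params.items())


def related_url_encoded(base, params):
    """Post-fix pattern: every key and value percent-encoded by urlencode()."""
    if not params:
        return base
    return base + "?" + urlencode(params)


def render_link(url, autoescape):
    """The anchor a template emits. autoescape=False models a URL that was
    marked safe (so the template does not escape it); autoescape=True models
    normal escaping of the attribute value."""
    attr = escape(url, quote=True) if autoescape else url
    return '<a href="%s" class="related-lookup">Lookup</a>' % attr


def query_roundtrips(url, params):
    """True if parsing the URL's query string gives back exactly params.
    Unencoded values containing '&' or '=' silently split into extra keys."""
    parsed = parse_qs(urlsplit(url).query)
    return parsed == {k: [v] for k, v in params.items()}


# Affected ranges from the advisory text: 2.2 before 2.2.13, 3.0 before 3.0.7.
_AFFECTED = (((2, 2, 0), (2, 2, 13)), ((3, 0, 0), (3, 0, 7)))


def is_affected(version):
    """Version check against the advisory's ranges. Pre-release suffixes are
    ignored, so '2.2.13rc1' is treated as 2.2.13; pin exact releases if that
    distinction matters for your deployment."""
    nums = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    nums += (0,) * (3 - len(nums))
    return any(lo <= nums < hi for lo, hi in _AFFECTED)


if __name__ == "__main__":
    for build in (related_url_unencoded, related_url_encoded):
        url = build(RELATED_URL, MARKUP_PARAMS)
        print(build.__name__, "->", render_link(url, autoescape=False))
        safe_url = build(RELATED_URL, SAFE_PARAMS)
        print("  'A&B' survives the round trip:", query_roundtrips(safe_url, SAFE_PARAMS))
    print("2.2.12 affected:", is_affected("2.2.12"), "/ 2.2.13 affected:", is_affected("2.2.13"))
```

Two things the run makes visible: the unencoded URL carries the raw `"><script>` sequence straight into the attribute, so the only barrier left is template autoescaping, which a safe-marked string bypasses; and even with benign data the unencoded form is wrong, because a value such as `A&B` is split into two parameters on the receiving side. Percent-encoding fixes both, which is why the upstream commits below switch to urlencode() rather than adding an HTML escape at the output.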

Packages

Package        Status   Fixed version   Release   Type
python-django  fixed    2:2.2.13-1      -         package

Notes

  • https://www.openwall.com/lists/oss-security/2020/06/03/1

  • https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master)

  • https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch)

  • https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch)

  • https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2 branch)

Related vulnerabilities

CVSS3: 6.1
ubuntu
about 5 years ago

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

CVSS3: 6.5
redhat
about 5 years ago

Same description as the ubuntu entry above.

CVSS3: 6.1
nvd
about 5 years ago

Same description as the ubuntu entry above.

CVSS3: 6.1
github
about 5 years ago

XSS in Django

fstec
about 5 years ago

A vulnerability in the implementation of the ForeignKeyRawIdWidget function of the Django library allows an attacker to carry out cross-site scripting attacks.