Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-13596

Опубликовано: 03 июн. 2020
Источник: debian
EPSS Низкий

Описание

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-djangofixed2:2.2.13-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2020/06/03/1

  • https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master)

  • https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch)

  • https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch)

  • https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2. branch)

EPSS

Процентиль: 76%
0.00992
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-13596

CVSS3: 6.1
ubuntu
больше 5 лет назад

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

redhat логотип

CVE-2020-13596

CVSS3: 6.5
redhat
больше 5 лет назад

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

nvd логотип

CVE-2020-13596

CVSS3: 6.1
nvd
больше 5 лет назад

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

github логотип

GHSA-2m34-jcjv-45xf

CVSS3: 6.1
github
больше 5 лет назад

XSS in Django

fstec логотип

BDU:2021-00719

fstec
больше 5 лет назад

Уязвимость реализации функции ForeignKeyRawIdWidget библиотеки Django, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 76%
0.00992
Низкий