Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-21520

Опубликовано: 26 июн. 2024
Источник: debian

Описание

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
djangorestframeworkfixed3.15.2-1package
djangorestframeworkno-dsabookwormpackage
djangorestframeworkno-dsabullseyepackage

Примечания

  • https://github.com/encode/django-rest-framework/pull/9435

  • https://github.com/encode/django-rest-framework/commit/3b41f0124194430da957b119712978fa2266b642 (3.15.2)

Связанные уязвимости

ubuntu логотип

CVE-2024-21520

CVSS3: 6.1
ubuntu
больше 1 года назад

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

redhat логотип

CVE-2024-21520

CVSS3: 6.1
redhat
больше 1 года назад

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

nvd логотип

CVE-2024-21520

CVSS3: 6.1
nvd
больше 1 года назад

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

github логотип

GHSA-gw84-84pc-xp82

CVSS3: 6.1
github
больше 1 года назад

Cross-site Scripting in djangorestframework