Description
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
A flaw was found in Django. The {% debug %} template tag did not properly encode the current context, posing a Cross-site scripting attack vector (XSS).
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 1.2 | python-django | Affected | ||
Red Hat Ansible Automation Platform 2 | python-django | Affected | ||
Red Hat Ansible Tower 3 | django | Affected | ||
Red Hat Ceph Storage 2 | calamari-server | Out of support scope | ||
Red Hat Ceph Storage 2 | python-django | Out of support scope | ||
Red Hat Ceph Storage 3 | python-django | Out of support scope | ||
Red Hat OpenStack Platform 13 (Queens) | python-django | Out of support scope | ||
Red Hat Satellite 6 | python3-django | Affected | ||
Red Hat Storage 3 | python-django | Affected | ||
Red Hat Update Infrastructure 3 for Cloud Providers | python-django | Will not fix | ||
Additional information
Status:
EPSS
6.1 Medium
CVSS3
Related vulnerabilities
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...
A vulnerability in the Django web application framework, related to failure to preserve web page structure, that allows an attacker to carry out a cross-site scripting attack