Description
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
Release | Status | Note |
---|---|---|
bionic | released | 1:1.11.11-1ubuntu1.15 |
devel | released | 2:3.2.11-1 |
esm-infra-legacy/trusty | needed | |
esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.15 |
esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.9 |
esm-infra/xenial | needed | |
focal | released | 2:2.2.12-1ubuntu0.9 |
hirsute | released | 2:2.2.20-1ubuntu0.4 |
impish | released | 2:2.2.24-1ubuntu1.2 |
jammy | released | 2:3.2.11-1 |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...
A vulnerability in the dictsort template filter of the Django web application framework that allows an attacker to gain access to confidential information