Описание
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:1.11.11-1ubuntu1.16 |
| devel | released | 2:3.2.12-1 |
| esm-infra-legacy/trusty | not-affected | 1.6.11-0ubuntu1.3+esm4 |
| esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.16 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.10 |
| esm-infra/xenial | released | 1.8.7-1ubuntu5.15+esm4 |
| focal | released | 2:2.2.12-1ubuntu0.10 |
| impish | released | 2:2.2.24-1ubuntu1.3 |
| jammy | released | 2:3.2.12-1 |
| trusty/esm | released | 1.6.11-0ubuntu1.3+esm4 |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...
Уязвимость фреймворка для веб-приложений Django, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3