Django is a free web application framework written in Python that uses the MVC design pattern
Release cycle, vulnerability information
Release schedule
Count: 673

Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | CVSS3: 9.8 | 92% Critical | almost 3 years ago
CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ... | CVSS3: 9.8 | 92% Critical | almost 3 years ago
CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | CVSS3: 9.8 | 92% Critical | almost 3 years ago
CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | CVSS3: 9.8 | 92% Critical | almost 3 years ago
GHSA-59w8-4wm2-4xw8 Django Image Field Vulnerable to Image Decompression Bombs | CVSS3: 7.5 | 1% Low | about 3 years ago
GHSA-5h2q-4hrp-v9rr Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer | CVSS3: 7.5 | 1% Low | about 3 years ago
GHSA-78vx-ggch-wghm Django Allows Redirect via Data URL | CVSS3: 6.1 | 0% Low | about 3 years ago
GHSA-2655-q453-22f9 Django Allows Arbitrary URL Generation | CVSS3: 7.5 | 4% Low | about 3 years ago
GHSA-vjjp-9r83-22rc Django Directory Traversal via ssi template tag | CVSS3: 8.6 | 1% Low | about 3 years ago
GHSA-4c42-4rxm-x6qf Django Denial of Service Vulnerability in the authentication framework | CVSS3: 7.5 | 1% Low | about 3 years ago