Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC

Релизный цикл, информация об уязвимостях

Продукт: Django

Вендор: djangoproject

График релизов

Недавние уязвимости Django

Количество 673

GHSA-j3j3-jrfh-cm2w

около 3 лет назад

Django Denial-of-service possibility with strip_tags

CVSS3: 7.5

EPSS: Низкий

GHSA-7fq8-4pv5-5w5c

около 3 лет назад

Django cross-site scripting (XSS) attack via user-supplied redirect URLs

CVSS3: 6.1

EPSS: Низкий

GHSA-296w-6qhq-gf92

около 3 лет назад

Django denial of service via file upload naming

CVSS3: 7.5

EPSS: Низкий

GHSA-r7w6-p47g-vj53

около 3 лет назад

Django Data leakage via admin history log

CVSS3: 4.3

EPSS: Низкий

GHSA-g8xg-jgj6-49r3

около 3 лет назад

Django is vulnerable to Denial of Service attack in formset

CVSS3: 5.3

EPSS: Низкий

GHSA-p6m5-h7pp-v2x5

около 3 лет назад

Django Regex Algorithmic Complexity Causes Denial of Service

CVSS3: 7.5

EPSS: Низкий

GHSA-9xg7-gg9m-rmq9

около 3 лет назад

Django Admin Media Handler Vulnerable to Directory Traversal

CVSS3: 7.5

EPSS: Низкий

GHSA-r5cj-wv24-92p5

около 3 лет назад

Django cross-site request forgery (CSRF) vulnerability

CVSS3: 7.5

EPSS: Низкий

GHSA-54qj-48vx-cr9f

около 3 лет назад

Django Cross-site scripting (XSS) vulnerability

CVSS3: 6.1

EPSS: Низкий

GHSA-pjc8-j97x-hp3p

около 3 лет назад

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-j3j3-jrfh-cm2w Django Denial-of-service possibility with strip_tags	CVSS3: 7.5	2% Низкий	около 3 лет назад
GHSA-7fq8-4pv5-5w5c Django cross-site scripting (XSS) attack via user-supplied redirect URLs	CVSS3: 6.1	3% Низкий	около 3 лет назад
GHSA-296w-6qhq-gf92 Django denial of service via file upload naming	CVSS3: 7.5	1% Низкий	около 3 лет назад
GHSA-r7w6-p47g-vj53 Django Data leakage via admin history log	CVSS3: 4.3	0% Низкий	около 3 лет назад
GHSA-g8xg-jgj6-49r3 Django is vulnerable to Denial of Service attack in formset	CVSS3: 5.3	1% Низкий	около 3 лет назад
GHSA-p6m5-h7pp-v2x5 Django Regex Algorithmic Complexity Causes Denial of Service	CVSS3: 7.5	1% Низкий	около 3 лет назад
GHSA-9xg7-gg9m-rmq9 Django Admin Media Handler Vulnerable to Directory Traversal	CVSS3: 7.5	2% Низкий	около 3 лет назад
GHSA-r5cj-wv24-92p5 Django cross-site request forgery (CSRF) vulnerability	CVSS3: 7.5	0% Низкий	около 3 лет назад
GHSA-54qj-48vx-cr9f Django Cross-site scripting (XSS) vulnerability	CVSS3: 6.1	0% Низкий	около 3 лет назад
GHSA-pjc8-j97x-hp3p DISPUTED Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module.		0% Низкий	около 3 лет назад

Уязвимостей на страницу