Django is a free web application framework written in Python that uses the MVC design pattern.
Release cycle, vulnerability information
Release schedule
Count: 679
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-4qjw-vx62-3vqx Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | CVSS3: 5.9 | 0% Low | more than 3 years ago |
GHSA-95rw-fx8r-36v6 Cross-site Scripting in Django | CVSS3: 6.1 | 1% Low | more than 3 years ago |
GHSA-6cw3-g6wv-c2xv Infinite Loop in Django | CVSS3: 7.5 | 1% Low | more than 3 years ago |
CVE-2022-23833 An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. | CVSS3: 7.5 | 1% Low | more than 3 years ago |
CVE-2022-22818 The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. | CVSS3: 6.1 | 1% Low | more than 3 years ago |