Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 679
BDU:2022-00353
Уязвимость функция Storage.save() фреймворка для веб-приложений Django, позволяющая нарушителю получить доступ к конфиденциальной информации
GHSA-v6rh-hp5x-86rv
Potential bypass of an upstream access control based on URL paths in Django
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
GHSA-xpfp-f569-q3p2
SQL Injection in Django
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2022-00353 Уязвимость функция Storage.save() фреймворка для веб-приложений Django, позволяющая нарушителю получить доступ к конфиденциальной информации | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-v6rh-hp5x-86rv Potential bypass of an upstream access control based on URL paths in Django | CVSS3: 7.3 | 0% Низкий | больше 3 лет назад |
 | CVE-2021-44420 In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | CVSS3: 7.3 | 0% Низкий | больше 3 лет назад |
| CVE-2021-44420 In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ... | CVSS3: 7.3 | 0% Низкий | больше 3 лет назад |
 | CVE-2021-44420 In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | CVSS3: 7.3 | 0% Низкий | больше 3 лет назад |
 | CVE-2021-44420 In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-xpfp-f569-q3p2 SQL Injection in Django | CVSS3: 9.8 | 7% Низкий | почти 4 года назад |
| CVE-2021-35042 Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | CVSS3: 9.8 | 7% Низкий | около 4 лет назад |
| CVE-2021-35042 Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ... | CVSS3: 9.8 | 7% Низкий | около 4 лет назад |
| CVE-2021-35042 Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | CVSS3: 9.8 | 7% Низкий | около 4 лет назад |
Уязвимостей на страницу