Django is a free web application framework written in Python that uses the MVC design pattern.
Release cycle, vulnerability information
Release schedule
Count: 775
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
GHSA-5h2q-4hrp-v9rr
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
GHSA-78vx-ggch-wghm
Django Allows Redirect via Data URL
GHSA-59w8-4wm2-4xw8
Django Image Field Vulnerable to Image Decompression Bombs
GHSA-2655-q453-22f9
Django Allows Arbitrary URL Generation
GHSA-vjjp-9r83-22rc
Django Directory Traversal via ssi template tag
GHSA-4c42-4rxm-x6qf
Django Denial of Service Vulnerability in the authentication framework
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2022-34265: An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | CVSS3: 9.8 | 93% (Critical) | more than 3 years ago |
| GHSA-5h2q-4hrp-v9rr: Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer | CVSS3: 7.5 | 1% (Low) | more than 3 years ago |
| GHSA-78vx-ggch-wghm: Django Allows Redirect via Data URL | CVSS3: 6.1 | 0% (Low) | more than 3 years ago |
| GHSA-59w8-4wm2-4xw8: Django Image Field Vulnerable to Image Decompression Bombs | CVSS3: 7.5 | 1% (Low) | more than 3 years ago |
| GHSA-2655-q453-22f9: Django Allows Arbitrary URL Generation | CVSS3: 7.5 | 4% (Low) | more than 3 years ago |
| GHSA-vjjp-9r83-22rc: Django Directory Traversal via ssi template tag | CVSS3: 8.6 | 1% (Low) | more than 3 years ago |
| GHSA-4c42-4rxm-x6qf: Django Denial of Service Vulnerability in the authentication framework | CVSS3: 7.5 | 1% (Low) | more than 3 years ago |