Django is a free web application framework written in Python that uses the MVC design pattern
Release cycle, vulnerability information
Release schedule
Count: 751
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-g8xg-jgj6-49r3 Django is vulnerable to Denial of Service attack in formset | CVSS3: 5.3 | 0% Low | almost 4 years ago |
| GHSA-p6m5-h7pp-v2x5 Django Regex Algorithmic Complexity Causes Denial of Service | CVSS3: 7.5 | 6% Low | almost 4 years ago |
| GHSA-9xg7-gg9m-rmq9 Django Admin Media Handler Vulnerable to Directory Traversal | CVSS3: 7.5 | 1% Low | almost 4 years ago |
| GHSA-r5cj-wv24-92p5 Django cross-site request forgery (CSRF) vulnerability | CVSS3: 7.5 | 0% Low | almost 4 years ago |
| GHSA-54qj-48vx-cr9f Django Cross-site scripting (XSS) vulnerability | CVSS3: 6.1 | 0% Low | almost 4 years ago |
| GHSA-pjc8-j97x-hp3p ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module. | | 0% Low | almost 4 years ago |
| GHSA-9v8h-57gv-qch6 Django vulnerable to Denial of Service via i18n middleware component | CVSS3: 5.9 | 2% Low | almost 4 years ago |
| GHSA-mwv2-398h-v489 Django Improper Access Control | | 1% Low | almost 4 years ago |
| GHSA-qc99-g3wm-hgxr Django Arbitrary Code Execution | | 1% Low | almost 4 years ago |
| GHSA-w24h-v9qh-8gxj SQL Injection in Django | CVSS3: 9.8 | 1% Low | almost 4 years ago |