Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 673
CVE-2021-3281
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ...
CVE-2021-3281
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
CVE-2021-3281
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
BDU:2021-03754
Уязвимость метода django.utils.archive.extract фреймворка Django, связанная с недостатками ограничения имени пути к каталогу, позволяющая нарушителю оказать воздействие на целостность данных
CVE-2020-24584
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
CVE-2020-24584
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...
CVE-2020-24583
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
CVE-2020-24583
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...
CVE-2020-24583
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
CVE-2020-24584
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2021-3281 In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ... | CVSS3: 5.3 | 33% Средний | больше 4 лет назад |
 | CVE-2021-3281 In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. | CVSS3: 5.3 | 33% Средний | больше 4 лет назад |
 | CVE-2021-3281 In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. | CVSS3: 5.3 | 33% Средний | больше 4 лет назад |
 | BDU:2021-03754 Уязвимость метода django.utils.archive.extract фреймворка Django, связанная с недостатками ограничения имени пути к каталогу, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 5.3 | 33% Средний | больше 4 лет назад |
 | CVE-2020-24584 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | CVSS3: 7.5 | 2% Низкий | почти 5 лет назад |
| CVE-2020-24584 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ... | CVSS3: 7.5 | 2% Низкий | почти 5 лет назад |
| CVE-2020-24583 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | CVSS3: 7.5 | 3% Низкий | почти 5 лет назад |
| CVE-2020-24583 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ... | CVSS3: 7.5 | 3% Низкий | почти 5 лет назад |
| CVE-2020-24583 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | CVSS3: 7.5 | 3% Низкий | почти 5 лет назад |
| CVE-2020-24584 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | CVSS3: 7.5 | 2% Низкий | почти 5 лет назад |
Уязвимостей на страницу