Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 679
GHSA-2m34-jcjv-45xf
XSS in Django
GHSA-wpjr-j57x-wxfw
Data leakage via cache key collision in Django
GHSA-3gh2-xw74-jmcw
SQL injection in Django
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...
CVE-2020-13254
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
CVE-2020-13254
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...
CVE-2020-13254
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-2m34-jcjv-45xf XSS in Django | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
| GHSA-wpjr-j57x-wxfw Data leakage via cache key collision in Django | CVSS3: 5.9 | 11% Средний | около 5 лет назад |
| GHSA-3gh2-xw74-jmcw SQL injection in Django | CVSS3: 8.8 | 59% Средний | около 5 лет назад |
 | CVE-2020-13596 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
| CVE-2020-13596 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ... | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
| CVE-2020-13254 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | CVSS3: 5.9 | 11% Средний | около 5 лет назад |
| CVE-2020-13254 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ... | CVSS3: 5.9 | 11% Средний | около 5 лет назад |
 | CVE-2020-13254 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | CVSS3: 5.9 | 11% Средний | около 5 лет назад |
| CVE-2020-13596 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
 | CVE-2020-13596 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | CVSS3: 6.5 | 1% Низкий | около 5 лет назад |
Уязвимостей на страницу