Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 775
GHSA-jrh2-hc4r-7jwx
Directory-traversal in Django
GHSA-53qw-q765-4fww
Denial-of-service in Django
CVE-2021-45452
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
CVE-2021-45452
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...
CVE-2021-45116
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
CVE-2021-45116
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...
CVE-2021-45115
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
CVE-2021-45115
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...
CVE-2021-45452
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
CVE-2021-45116
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-jrh2-hc4r-7jwx Directory-traversal in Django | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| GHSA-53qw-q765-4fww Denial-of-service in Django | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
 | CVE-2021-45452 Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-45452 Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ... | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-45116 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-45116 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ... | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-45115 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-45115 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ... | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
 | CVE-2021-45452 Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-45116 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу