Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 750
CVE-2019-3498
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
CVE-2019-3498
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
GHSA-9r8w-6x8c-6jr9
Django vulnerable to XSS on 500 pages
GHSA-37hp-765x-j95x
Django open redirect and possible XSS attack via user-supplied numeric redirect URLs
GHSA-h4hv-m4h4-mhwg
Django open redirect
GHSA-r28v-mw67-m5p9
Django denial-of-service possibility in urlize and urlizetrunc template filters
GHSA-2f9x-5v75-3qv4
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
BDU:2019-01260
Уязвимость библиотеки Django для языка программирования Python, позволяющая нарушителю нарушить целостность защищаемой информации
GHSA-5hg3-6c2f-f3wr
Django open redirect
GHSA-rf4j-j272-fj86
Django vulnerable to information leakage in AuthenticationForm
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-3498 In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. | CVSS3: 6.5 | 1% Низкий | около 7 лет назад |
 | CVE-2019-3498 In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. | CVSS3: 4.3 | 1% Низкий | около 7 лет назад |
| GHSA-9r8w-6x8c-6jr9 Django vulnerable to XSS on 500 pages | CVSS3: 6.1 | 17% Средний | около 7 лет назад |
| GHSA-37hp-765x-j95x Django open redirect and possible XSS attack via user-supplied numeric redirect URLs | CVSS3: 6.1 | 1% Низкий | около 7 лет назад |
| GHSA-h4hv-m4h4-mhwg Django open redirect | CVSS3: 6.1 | 0% Низкий | около 7 лет назад |
| GHSA-r28v-mw67-m5p9 Django denial-of-service possibility in urlize and urlizetrunc template filters | CVSS3: 5.3 | 1% Низкий | около 7 лет назад |
| GHSA-2f9x-5v75-3qv4 Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters | CVSS3: 5.3 | 1% Низкий | около 7 лет назад |
 | BDU:2019-01260 Уязвимость библиотеки Django для языка программирования Python, позволяющая нарушителю нарушить целостность защищаемой информации | CVSS3: 6.5 | 1% Низкий | около 7 лет назад |
| GHSA-5hg3-6c2f-f3wr Django open redirect | CVSS3: 6.1 | 10% Низкий | больше 7 лет назад |
| GHSA-rf4j-j272-fj86 Django vulnerable to information leakage in AuthenticationForm | CVSS3: 7.5 | 1% Низкий | больше 7 лет назад |
Уязвимостей на страницу