Django is a free web application framework written in Python that uses the MVC design pattern.
Release cycle, vulnerability information
Release schedule
Count: 679

Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2016-2513 The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | CVSS2: 4.3 | 1% Low | more than 9 years ago
CVE-2016-2512 The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. | CVSS2: 5.8 | 0% Low | more than 9 years ago
CVE-2016-2048 Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. | CVSS3: 5.5 | 0% Low | more than 9 years ago
CVE-2016-2048 Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, all ... | CVSS3: 5.5 | 0% Low | more than 9 years ago
CVE-2016-2048 Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. | CVSS3: 5.5 | 0% Low | more than 9 years ago
BDU:2016-00527 Vulnerability in the Django web application platform that allows an attacker to bypass existing access restrictions | CVSS2: 6 | 0% Low | more than 9 years ago
CVE-2016-2048 Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. | CVSS2: 3.5 | 0% Low | more than 9 years ago
CVE-2015-8213 The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. | CVSS2: 5 | 3% Low | more than 9 years ago
CVE-2015-8213 The get_format function in utils/formats.py in Django before 1.7.x bef ... | CVSS2: 5 | 3% Low | more than 9 years ago
CVE-2015-8213 The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. | CVSS2: 5 | 3% Low | more than 9 years ago