Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 673
CVE-2011-0698
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2 ...
CVE-2011-0697
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
CVE-2011-0697
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 ...
CVE-2011-0696
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
CVE-2011-0696
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly val ...
CVE-2011-0697
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
CVE-2011-0696
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
CVE-2011-0698
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
CVE-2010-4535
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
CVE-2010-4535
The password reset functionality in django.contrib.auth in Django befo ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2011-0698 Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2 ... | CVSS2: 7.5 | 1% Низкий | больше 14 лет назад |
 | CVE-2011-0697 Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. | CVSS2: 4.3 | 3% Низкий | больше 14 лет назад |
| CVE-2011-0697 Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 ... | CVSS2: 4.3 | 3% Низкий | больше 14 лет назад |
| CVE-2011-0696 Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447. | CVSS2: 6.8 | 3% Низкий | больше 14 лет назад |
| CVE-2011-0696 Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly val ... | CVSS2: 6.8 | 3% Низкий | больше 14 лет назад |
 | CVE-2011-0697 Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. | CVSS2: 4.3 | 3% Низкий | больше 14 лет назад |
| CVE-2011-0696 Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447. | CVSS2: 6.8 | 3% Низкий | больше 14 лет назад |
| CVE-2011-0698 Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays. | CVSS2: 7.5 | 1% Низкий | больше 14 лет назад |
| CVE-2010-4535 The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | CVSS2: 5 | 5% Низкий | больше 14 лет назад |
| CVE-2010-4535 The password reset functionality in django.contrib.auth in Django befo ... | CVSS2: 5 | 5% Низкий | больше 14 лет назад |
Уязвимостей на страницу