Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC

Релизный цикл, информация об уязвимостях

Продукт: Django

Вендор: djangoproject

График релизов

Недавние уязвимости Django

Количество 775

CVE-2007-0405

около 19 лет назад

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

CVSS2: 6.5

EPSS: Низкий

CVE-2007-0404

около 19 лет назад

bin/compile-messages.py in Django 0.95 does not quote argument strings ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-0405

около 19 лет назад

The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...

CVSS2: 6.5

EPSS: Низкий

CVE-2007-0404

около 19 лет назад

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-0405

около 19 лет назад

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

CVSS2: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2007-0405 The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.	CVSS2: 6.5	1% Низкий	около 19 лет назад
CVE-2007-0404 bin/compile-messages.py in Django 0.95 does not quote argument strings ...	CVSS2: 7.5	1% Низкий	около 19 лет назад
CVE-2007-0405 The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...	CVSS2: 6.5	1% Низкий	около 19 лет назад
CVE-2007-0404 bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.	CVSS2: 7.5	1% Низкий	около 19 лет назад
CVE-2007-0405 The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.	CVSS2: 6.5	1% Низкий	около 19 лет назад

Уязвимостей на страницу