VuXML ID | Description
597d02ce-a66c-11ea-af32-080027846a02 | Django -- multiple vulnerabilities
Django security release reports:
CVE-2020-13254: Potential data leakage via malformed memcached keys
In cases where a memcached backend does not perform key validation, passing
malformed cache keys could result in a key collision, and potential data leakage.
In order to avoid this vulnerability, key validation is added to the memcached
cache backends.
CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget
Query parameters for the admin ForeignKeyRawIdWidget were not properly URL
encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query
parameters are correctly URL encoded.
Discovery: 2020-06-01   Entry: 2020-06-04
Affected packages:
  py36-django22, py37-django22, py38-django22: < 2.2.13
  py36-django30, py37-django30, py38-django30: < 3.0.7
References:
  https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
  CVE-2020-13254
  CVE-2020-13596

002432c8-ef6a-11ea-ba8f-08002728f74c | Django -- multiple vulnerabilities
Django Release notes:
CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied
to intermediate-level directories created in the process of uploading
files and to intermediate-level collected static directories when using
the collectstatic management command.
CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
On Python 3.7+, the intermediate-level directories of the file system
cache had the system's standard umask rather than 0o077 (no group or
others permissions).
Discovery: 2020-09-01   Entry: 2020-09-05
Affected packages:
  py35-django22, py36-django22, py37-django22, py38-django22: < 2.2.16
  py36-django30, py37-django30, py38-django30: < 3.0.10
  py36-django31, py37-django31, py38-django31: < 3.1.1
References:
  https://docs.djangoproject.com/en/2.2/releases/2.2.16/
  https://docs.djangoproject.com/en/3.0/releases/3.0.10/
  https://docs.djangoproject.com/en/3.1/releases/3.1.1/
  CVE-2020-24583
  CVE-2020-24584

5a45649a-4777-11ea-bdec-08002728f74c | Django -- potential SQL injection vulnerability
MITRE CVE reports:
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3
allows SQL Injection if untrusted data is used as a StringAgg delimiter
(e.g., in Django applications that offer downloads of data as a series
of rows with a user-specified column delimiter). By passing a suitably
crafted delimiter to a contrib.postgres.aggregates.StringAgg instance,
it was possible to break escaping and inject malicious SQL.
Discovery: 2020-02-03   Entry: 2020-02-04
Affected packages:
  py27-django111, py35-django111, py36-django111, py37-django111, py38-django111: < 1.11.28
  py35-django22, py36-django22, py37-django22, py38-django22: < 2.2.10
  py36-django30, py37-django30, py38-django30: < 3.0.3
References:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
  https://docs.djangoproject.com/en/1.11/releases/1.11.28/
  https://docs.djangoproject.com/en/2.2/releases/2.2.10/
  https://docs.djangoproject.com/en/3.0/releases/3.0.3/
  CVE-2020-7471

1685144e-63ff-11ea-a93a-080027846a02 | Django -- potential SQL injection vulnerability
MITRE CVE reports:
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4
allows SQL Injection if untrusted data is used as a tolerance parameter
in GIS functions and aggregates on Oracle. By passing a suitably crafted
tolerance to GIS functions and aggregates on Oracle, it was possible to
break escaping and inject malicious SQL.
Discovery: 2020-02-25   Entry: 2020-03-12
Affected packages:
  py27-django111, py35-django111, py36-django111, py37-django111, py38-django111: < 1.11.29
  py35-django22, py36-django22, py37-django22, py38-django22: < 2.2.11
  py36-django30, py37-django30, py38-django30: < 3.0.4
References:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402
  https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
  CVE-2020-9402

d3e023fb-6e88-11ec-b948-080027240888 | Django -- multiple vulnerabilities
Django Release reports:
CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator.
CVE-2021-45116: Potential information disclosure in dictsort template filter.
CVE-2021-45452: Potential directory-traversal via Storage.save().
Discovery: 2021-12-20   Entry: 2022-01-06
Affected packages:
  py37-django22, py38-django22, py39-django22: < 2.2.26
  py37-django32, py38-django32, py39-django32: < 3.2.11
  py37-django40, py38-django40, py39-django40: < 4.0.1
References:
  CVE-2021-45115
  CVE-2021-45116
  CVE-2021-45452
  https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

ffc73e87-87f0-11e9-ad56-fcaa147e860e | Django -- AdminURLFieldWidget XSS
Django security releases issued:
The clickable "Current URL" link generated by AdminURLFieldWidget displayed the
provided value without validating it as a safe URL. Thus, an unvalidated value stored
in the database, or a value provided as a URL query parameter payload, could result
in a clickable JavaScript link.
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype
pollution. If an unsanitized source object contained an enumerable __proto__ property,
it could extend the native Object.prototype.
Discovery: 2019-06-03   Entry: 2019-06-06
Affected packages:
  py27-django111, py35-django111, py36-django111, py37-django111: < 1.11.21
  py35-django21, py36-django21, py37-django21: < 2.1.9
  py35-django22, py36-django22, py37-django22: < 2.2.2
References:
  CVE-2019-12308
  CVE-2019-11358
  https://www.djangoproject.com/weblog/2019/jun/03/security-releases/

6e65dfea-b614-11e9-a3a2-1506e15611cc | Django -- multiple vulnerabilities
Django release notes:
CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
If django.utils.text.Truncator's chars() and words() methods were
passed the html=True argument, they were extremely slow to evaluate
certain inputs due to a catastrophic backtracking vulnerability in a
regular expression. The chars() and words() methods are used to
implement the truncatechars_html and truncatewords_html template
filters, which were thus vulnerable.
The regular expressions used by Truncator have been simplified in
order to avoid potential backtracking issues. As a consequence, trailing
punctuation may now at times be included in the truncated output.
CVE-2019-14233: Denial-of-service possibility in strip_tags()
Due to the behavior of the underlying HTMLParser,
django.utils.html.strip_tags() would be extremely slow to evaluate
certain inputs containing large sequences of nested incomplete HTML
entities. The strip_tags() method is used to implement the corresponding
striptags template filter, which was thus also vulnerable.
strip_tags() now avoids recursive calls to HTMLParser when progress
removing tags, but necessarily incomplete HTML entities, stops being
made.
Remember that absolutely NO guarantee is provided about the results of
strip_tags() being HTML safe. So NEVER mark safe the result of a
strip_tags() call without escaping it first, for example with
django.utils.html.escape().
CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField
Key and index lookups for JSONField and key lookups for HStoreField
were subject to SQL injection, using a suitably crafted dictionary,
with dictionary expansion, as the **kwargs passed to QuerySet.filter().
CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
If passed certain inputs, django.utils.encoding.uri_to_iri() could lead
to significant memory usage due to excessive recursion when
re-percent-encoding invalid UTF-8 octet sequences.
uri_to_iri() now avoids recursion when re-percent-encoding invalid
UTF-8 octet sequences.
Discovery: 2019-08-01   Entry: 2019-08-03
Affected packages:
  py27-django111, py35-django111, py36-django111, py37-django111: < 1.11.23
  py27-django21, py35-django21, py36-django21, py37-django21: < 2.1.11
  py27-django22, py35-django22, py36-django22, py37-django22: < 2.2.4
References:
  https://docs.djangoproject.com/en/1.11/releases/1.11.23/
  https://docs.djangoproject.com/en/2.1/releases/2.1.11/
  https://docs.djangoproject.com/en/2.2/releases/2.2.4/
  CVE-2019-14232
  CVE-2019-14233
  CVE-2019-14234
  CVE-2019-14235

1766359c-ad6e-11eb-b2a4-080027e50e6d | Django -- multiple vulnerabilities
Django Release reports:
CVE-2021-31542: Potential directory-traversal via uploaded files.
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal
via uploaded files with suitably crafted file names.
Discovery: 2021-04-22   Entry: 2021-05-05
Affected packages:
  py36-django22, py37-django22, py38-django22, py39-django22: < 2.2.21
  py36-django31, py37-django31, py38-django31, py39-django31: < 3.1.9
  py36-django32, py37-django32, py38-django32, py39-django32: < 3.2.1
References:
  https://www.djangoproject.com/weblog/2021/may/04/security-releases/
  CVE-2021-31542

4e3fa78b-1577-11ea-b66e-080027bdabe8 | Django -- multiple vulnerabilities
Django release reports:
CVE-2019-19118: Privilege escalation in the Django admin.
Since Django 2.1, a Django model admin displaying a parent model with related
model inlines, where the user has view-only permissions to a parent model but
edit permissions to the inline model, would display a read-only view of the parent
model but editable forms for the inline.
Submitting these forms would not allow direct edits to the parent model, but would
trigger the parent model's save() method, and cause pre- and post-save signal handlers
to be invoked. This is a privilege escalation as a user who lacks permission to edit
a model should not be able to trigger its save-related signals.
Discovery: 2019-11-25   Entry: 2019-12-03
Affected packages:
  py35-django21, py36-django21, py37-django21, py38-django21: < 2.1.15
  py35-django22, py36-django22, py37-django22, py38-django22: < 2.2.8
References:
  https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
  CVE-2019-19118

0db46f84-b9fa-11ec-89df-080027240888 | Django -- multiple vulnerabilities
Django Release reports:
CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra().
CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL.
Discovery: 2022-04-02   Entry: 2022-04-12
Affected packages:
  py37-django22, py38-django22, py39-django22, py310-django22: < 2.2.28
  py37-django32, py38-django32, py39-django32, py310-django32: < 3.2.13
  py38-django40, py39-django40, py310-django40: < 4.0.4
References:
  CVE-2022-28346
  CVE-2022-28347
  https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

b805d7b4-9c0c-11e9-97f0-000c29e96db4 | Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Django security releases issued:
When deployed behind a reverse-proxy connecting to Django via HTTPS,
django.http.HttpRequest.scheme would incorrectly detect client requests
made via HTTP as using HTTPS. This entails incorrect results for is_secure()
and build_absolute_uri(), and that HTTP requests would not be redirected to
HTTPS in accordance with SECURE_SSL_REDIRECT.
Discovery: 2019-07-01   Entry: 2019-07-01
Affected packages:
  py27-django111, py35-django111, py36-django111, py37-django111: < 1.11.22
  py35-django21, py36-django21, py37-django21: < 2.1.10
  py35-django22, py36-django22, py37-django22: < 2.2.3
References:
  CVE-2019-12781
  https://www.djangoproject.com/weblog/2019/jul/01/security-releases/