
django-first-blog's People

Contributors

mend-bolt-for-github[bot], zettatips


django-first-blog's Issues

CVE-2019-11324 (High) detected in multiple libraries

CVE-2019-11324 - High Severity Vulnerability

Vulnerable Libraries - pythonPython-3.7.3, pythonPython-3.7.3, pythonPython-3.7.3

Vulnerability Details

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

Publish Date: 2019-04-18

URL: CVE-2019-11324

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324

Release Date: 2019-04-18

Fix Resolution: 1.24.2


Step up your Open Source Security Game with Mend here

CVE-2020-9402 (High) detected in django2.2.3, django2.2.3

CVE-2020-9402 - High Severity Vulnerability

Vulnerable Libraries - django2.2.3, django2.2.3

Vulnerability Details

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.

Publish Date: 2020-03-05

URL: CVE-2020-9402

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402

Release Date: 2020-03-05

Fix Resolution: 1.11.29,2.2.11,3.0.4



CVE-2023-30608 (High) detected in sqlparse0.3.0

CVE-2023-30608 - High Severity Vulnerability

Vulnerable Library - sqlparse0.3.0

A non-validating SQL parser module for Python

Library home page: https://github.com/andialbrecht/sqlparse.git

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/sqlparse/keywords.py

Vulnerability Details

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This issue has been fixed in sqlparse 0.4.4 by commit c457abd5f. Users are advised to upgrade. There are no known workarounds for this issue.

Publish Date: 2023-04-18

URL: CVE-2023-30608

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-rrm6-wvj7-cwh2

Release Date: 2023-04-18

Fix Resolution: sqlparse - 0.4.4



CVE-2019-14233 (Low) detected in django2.2.3

CVE-2019-14233 - Low Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/utils/html.py

Vulnerability Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.

Publish Date: 2019-08-02

URL: CVE-2019-14233

CVSS 3 Score Details (2.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233

Release Date: 2019-08-02

Fix Resolution: 1.11.23,2.1.11,2.2.4



CVE-2019-20916 (High) detected in pythonPython-3.7.3

CVE-2019-20916 - High Severity Vulnerability

Vulnerable Library - pythonPython-3.7.3

Python is a programming language that lets you work quickly and integrate systems more effectively.

Library home page: https://www.python.org/ftp/python/?wsslib=python

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/pip-19.0.3-py3.7.egg/pip/_internal/download.py

Vulnerability Details

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

Publish Date: 2020-09-04

URL: CVE-2019-20916

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20916

Release Date: 2020-09-04

Fix Resolution: 19.2



CVE-2022-34265 (Critical) detected in django2.2.3, django2.2.3

CVE-2022-34265 - Critical Severity Vulnerability

Vulnerable Libraries - django2.2.3, django2.2.3

Vulnerability Details

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
Mend Note: After conducting further research, Mend has determined that all versions of Django before version 3.2.14 and before 4.0.6 are vulnerable to CVE-2022-34265.

Publish Date: 2022-07-04

URL: CVE-2022-34265

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2022/jul/04/security-releases/

Release Date: 2022-07-04

Fix Resolution: Django - 3.2.14,4.0.6



CVE-2023-43804 (High) detected in pythonPython-3.7.3

CVE-2023-43804 - High Severity Vulnerability

Vulnerable Library - pythonPython-3.7.3

Python is a programming language that lets you work quickly and integrate systems more effectively.

Library home page: https://www.python.org/ftp/python/?wsslib=python

Found in base branch: master

Vulnerable Source Files (2)

/venv/Lib/site-packages/pip-19.0.3-py3.7.egg/pip/_vendor/urllib3/util/retry.py
/venv/Lib/site-packages/pip-19.0.3-py3.7.egg/pip/_vendor/urllib3/util/retry.py

Vulnerability Details

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

Publish Date: 2023-10-04

URL: CVE-2023-43804

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-43804

Release Date: 2023-10-04

Fix Resolution: urllib3 - 1.26.17,2.0.6



CVE-2018-25091 (Medium) detected in pythonPython-3.7.3, pythonPython-3.7.3

CVE-2018-25091 - Medium Severity Vulnerability

Vulnerable Libraries - pythonPython-3.7.3, pythonPython-3.7.3

Vulnerability Details

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

Publish Date: 2023-10-15

URL: CVE-2018-25091

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Release Date: 2023-10-15

Fix Resolution: urllib3 - 1.24.2



CVE-2020-13254 (Medium) detected in multiple libraries

CVE-2020-13254 - Medium Severity Vulnerability

Vulnerable Libraries - django2.2.3, django2.2.3, django2.2.3

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

Publish Date: 2020-06-03

URL: CVE-2020-13254

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/

Release Date: 2020-06-03

Fix Resolution: 3.0.7,2.2.13



CVE-2019-9740 (Medium) detected in pythonPython-3.7.3 - autoclosed

CVE-2019-9740 - Medium Severity Vulnerability

Vulnerable Library - pythonPython-3.7.3

Python is a programming language that lets you work quickly and integrate systems more effectively.

Library home page: https://www.python.org/ftp/python/?wsslib=python

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

Vulnerability Details

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Publish Date: 2019-03-13

URL: CVE-2019-9740

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740

Release Date: 2019-03-13

Fix Resolution: v2.7.17,v3.5.8,v3.6.9,3.7.4,3.7.5



CVE-2020-26137 (Medium) detected in pythonPython-3.7.3

CVE-2020-26137 - Medium Severity Vulnerability

Vulnerable Library - pythonPython-3.7.3

Python is a programming language that lets you work quickly and integrate systems more effectively.

Library home page: https://www.python.org/ftp/python/?wsslib=python

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/pip-19.0.3-py3.7.egg/pip/_vendor/urllib3/connection.py

Vulnerability Details

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Publish Date: 2020-09-30

URL: CVE-2020-26137

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137

Release Date: 2020-09-30

Fix Resolution: 1.25.9



CVE-2021-32052 (Medium) detected in django2.2.3

CVE-2021-32052 - Medium Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

Vulnerability Details

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.

Publish Date: 2021-05-06

URL: CVE-2021-32052

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052

Release Date: 2021-05-06

Fix Resolution: Django - 2.2.22,3.1.10,3.2.2



CVE-2021-45452 (Medium) detected in django2.2.3

CVE-2021-45452 - Medium Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/core/files/storage.py

Vulnerability Details

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.

Publish Date: 2022-01-05

URL: CVE-2021-45452

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

Release Date: 2022-01-05

Fix Resolution: Django - 2.2.26,3.2.11,4.0.1



CVE-2019-14232 (High) detected in django2.2.3

CVE-2019-14232 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

Vulnerability Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Publish Date: 2019-08-02

URL: CVE-2019-14232

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

Release Date: 2019-08-02

Fix Resolution: 1.11.23,2.1.11,2.2.4



CVE-2022-28346 (Critical) detected in django2.2.3

CVE-2022-28346 - Critical Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/db/models/sql/query.py

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

Publish Date: 2022-04-12

URL: CVE-2022-28346

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-04-12

Fix Resolution: Django - 2.2.28,3.2.13,4.0.4



CVE-2021-45116 (High) detected in django2.2.3

CVE-2021-45116 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/template/defaultfilters.py

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

Publish Date: 2022-01-05

URL: CVE-2021-45116

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

Release Date: 2022-01-05

Fix Resolution: Django - 2.2.26,3.2.11,4.0.1



CVE-2021-33203 (Medium) detected in django2.2.3

CVE-2021-33203 - Medium Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

Vulnerability Details

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

Publish Date: 2021-06-08

URL: CVE-2021-33203

CVSS 3 Score Details (4.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://docs.djangoproject.com/en/3.2/releases/security/

Release Date: 2021-06-08

Fix Resolution: Django - 2.2.24, 3.1.12, 3.2.4



CVE-2019-14235 (High) detected in django2.2.3

CVE-2019-14235 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/utils/encoding.py

Vulnerability Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

Publish Date: 2019-08-02

URL: CVE-2019-14235

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235

Release Date: 2019-08-02

Fix Resolution: 1.11.23,2.1.11,2.2.4



CVE-2023-5752 (Low) detected in pythonPython-3.7.3

CVE-2023-5752 - Low Severity Vulnerability

Vulnerable Library - pythonPython-3.7.3

Python is a programming language that lets you work quickly and integrate systems more effectively.

Library home page: https://www.python.org/ftp/python/?wsslib=python

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/pip-19.0.3-py3.7.egg/pip/_internal/vcs/mercurial.py

Vulnerability Details

When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

Publish Date: 2023-10-25

URL: CVE-2023-5752

CVSS 3 Score Details (3.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-5752

Release Date: 2023-10-25

Fix Resolution: pip - 23.3



CVE-2020-7471 (Critical) detected in django2.2.3, django2.2.3

CVE-2020-7471 - Critical Severity Vulnerability

Vulnerable Libraries - django2.2.3, django2.2.3

Vulnerability Details

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.

Publish Date: 2020-02-03

URL: CVE-2020-7471

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471

Release Date: 2020-06-19

Fix Resolution: 1.11.28,2.2.10,3.0.3



CVE-2019-14234 (Critical) detected in django2.2.3, django2.2.3

CVE-2019-14234 - Critical Severity Vulnerability

Vulnerable Libraries - django2.2.3, django2.2.3

Vulnerability Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.

Publish Date: 2019-08-09

URL: CVE-2019-14234

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/

Release Date: 2019-08-09

Fix Resolution: 2.2.4, 2.1.11, 1.11.23



CVE-2021-44420 (High) detected in django2.2.3

CVE-2021-44420 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (2)

/venv/Lib/site-packages/django/urls/resolvers.py
/venv/Lib/site-packages/django/urls/resolvers.py

Vulnerability Details

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

Publish Date: 2021-12-08

URL: CVE-2021-44420

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://docs.djangoproject.com/en/3.2/releases/security/

Release Date: 2021-12-08

Fix Resolution: Django - 2.2.25,3.1.14,3.2.10



CVE-2021-28658 (Medium) detected in django2.2.3

CVE-2021-28658 - Medium Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/http/multipartparser.py

Vulnerability Details

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

Publish Date: 2021-04-06

URL: CVE-2021-28658

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658

Release Date: 2021-04-06

Fix Resolution: django-2.2.20, 3.0.14, 3.1.8, 3.2


CVE-2020-24584 (High) detected in django2.2.3

CVE-2020-24584 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/core/cache/backends/filebased.py

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.

Publish Date: 2020-09-01

URL: CVE-2020-24584

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2020/sep/01/security-releases/

Release Date: 2020-09-01

Fix Resolution: 2.2.16,3.0.10,3.1.1


CVE-2019-19118 (Medium) detected in django2.2.3

CVE-2019-19118 - Medium Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/contrib/admin/options.py

Vulnerability Details

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)

Publish Date: 2019-12-02

URL: CVE-2019-19118

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19118

Release Date: 2019-12-02

Fix Resolution: 2.1.15,2.2.8


CVE-2022-23833 (High) detected in django2.2.3

CVE-2022-23833 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/http/multipartparser.py

Vulnerability Details

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

Publish Date: 2022-02-03

URL: CVE-2022-23833

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/

Release Date: 2022-02-03

Fix Resolution: Django - 2.2.27,3.2.12,4.0.2


CVE-2020-13596 (Medium) detected in django2.2.3

CVE-2020-13596 - Medium Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

Publish Date: 2020-06-03

URL: CVE-2020-13596

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2020/jun/03/security-releases/

Release Date: 2020-06-03

Fix Resolution: 3.0.7,2.2.13


CVE-2019-19844 (Critical) detected in django2.2.3

CVE-2019-19844 - Critical Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

Vulnerability Details

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)

Publish Date: 2019-12-18

URL: CVE-2019-19844

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844

Release Date: 2019-12-18

Fix Resolution: 1.11.27;2.2.9;3.0.1


CVE-2020-24583 (High) detected in django2.2.3

CVE-2020-24583 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/core/files/storage.py

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

Publish Date: 2020-09-01

URL: CVE-2020-24583

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2020/sep/01/security-releases/

Release Date: 2020-09-01

Fix Resolution: 2.2.16,3.0.10,3.1.1


CVE-2022-28347 (Critical) detected in multiple libraries

CVE-2022-28347 - Critical Severity Vulnerability

Vulnerable Libraries - django2.2.3, django2.2.3, django2.2.3

Vulnerability Details

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.

Publish Date: 2022-04-12

URL: CVE-2022-28347

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347

Release Date: 2022-04-12

Fix Resolution: Django - 2.2.28,3.2.13,4.0.4


CVE-2021-3572 (Medium) detected in pythonPython-3.7.3

CVE-2021-3572 - Medium Severity Vulnerability

Vulnerable Library - pythonPython-3.7.3

Python is a programming language that lets you work quickly and integrate systems more effectively.

Library home page: https://www.python.org/ftp/python/?wsslib=python

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/pip-19.0.3-py3.7.egg/pip/_internal/vcs/git.py

Vulnerability Details

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Publish Date: 2021-11-10

URL: CVE-2021-3572

CVSS 3 Score Details (5.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://security.archlinux.org/CVE-2021-3572

Release Date: 2021-11-10

Fix Resolution: pip - 21.1


CVE-2019-11236 (Medium) detected in pythonPython-3.7.3

CVE-2019-11236 - Medium Severity Vulnerability

Vulnerable Library - pythonPython-3.7.3

Python is a programming language that lets you work quickly and integrate systems more effectively.

Library home page: https://www.python.org/ftp/python/?wsslib=python

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/pip-19.0.3-py3.7.egg/pip/_vendor/urllib3/util/url.py

Vulnerability Details

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Publish Date: 2019-04-15

URL: CVE-2019-11236

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-r64q-w8jr-g9qp

Release Date: 2019-04-15

Fix Resolution: urllib3 - 1.24.3


CVE-2023-45803 (Medium) detected in multiple libraries

CVE-2023-45803 - Medium Severity Vulnerability

Vulnerable Libraries - pythonPython-3.7.3, pythonPython-3.7.3, pythonPython-3.7.3

Vulnerability Details

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously would not remove the HTTP request body when an HTTP redirect response with status 301, 302, or 303 changed the request method from one that can carry a request body (such as POST) to GET, as the HTTP RFCs require. Although this behavior is not specified in the section on redirects, it can be inferred by piecing together information from different sections, and we have observed the behavior in other major HTTP client implementations such as curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality, we believe the exploitability of this vulnerability is low. Additionally, many users do not put sensitive data in HTTP request bodies; if that is the case, this vulnerability is not exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. urllib3 is used to submit sensitive information in the HTTP request body (such as form data or JSON), and 2. the origin service is compromised and starts redirecting with 301, 302, or 303 to a malicious peer, or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7, and users are advised to update to resolve it. Users unable to update should disable automatic redirects with redirects=False for services that are not expected to respond with redirects, and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.

Publish Date: 2023-10-17

URL: CVE-2023-45803

CVSS 3 Score Details (4.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-g4mx-q9vg-27p4

Release Date: 2023-10-17

Fix Resolution: urllib3 - 1.26.18,2.0.7


CVE-2022-22818 (Medium) detected in django2.2.3

CVE-2022-22818 - Medium Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/template/defaulttags.py

Vulnerability Details

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.

Publish Date: 2022-02-03

URL: CVE-2022-22818

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/

Release Date: 2022-02-03

Fix Resolution: Django - 2.2.27,3.2.12,4.0.2


CVE-2021-45115 (High) detected in django2.2.3

CVE-2021-45115 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/django/contrib/auth/password_validation.py

Vulnerability Details

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

Publish Date: 2022-01-05

URL: CVE-2021-45115

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

Release Date: 2022-01-05

Fix Resolution: Django - 2.2.26,3.2.11,4.0.1


WS-2021-0369 (High) detected in sqlparse0.3.0

WS-2021-0369 - High Severity Vulnerability

Vulnerable Library - sqlparse0.3.0

A non-validating SQL parser module for Python

Library home page: https://github.com/andialbrecht/sqlparse.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/sqlparse/filters/others.py

Vulnerability Details

The StripComments filter contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
The formatter function that strips comments from a SQL statement contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments.

Publish Date: 2021-09-10

URL: WS-2021-0369

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-p5w8-wqhj-9hhf

Release Date: 2021-09-10

Fix Resolution: sqlparse - 0.4.2


CVE-2021-33503 (High) detected in pythonPython-3.7.3

CVE-2021-33503 - High Severity Vulnerability

Vulnerable Library - pythonPython-3.7.3

Python is a programming language that lets you work quickly and integrate systems more effectively.

Library home page: https://www.python.org/ftp/python/?wsslib=python

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

/venv/Lib/site-packages/pip-19.0.3-py3.7.egg/pip/_vendor/urllib3/util/url.py

Vulnerability Details

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

Publish Date: 2021-06-29

URL: CVE-2021-33503

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-q2q7-5pp4-w6pg

Release Date: 2021-06-29

Fix Resolution: urllib3 - 1.26.5


CVE-2021-31542 (High) detected in multiple libraries

CVE-2021-31542 - High Severity Vulnerability

Vulnerable Libraries - django2.2.3, django2.2.3, django2.2.3, django2.2.3, django2.2.3, django2.2.3

Vulnerability Details

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

Publish Date: 2021-05-05

URL: CVE-2021-31542

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2021/may/04/security-releases/

Release Date: 2021-05-05

Fix Resolution: Django - 2.2.21,3.1.9,3.2.1


CVE-2021-33571 (High) detected in django2.2.3

CVE-2021-33571 - High Severity Vulnerability

Vulnerable Library - django2.2.3

The Web framework for perfectionists with deadlines.

Library home page: https://github.com/django/django.git

Found in HEAD commit: 63fab47586aa018db6d1d4296fbab721644c2951

Found in base branch: master

Vulnerable Source Files (1)

Vulnerability Details

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+.)

Publish Date: 2021-06-08

URL: CVE-2021-33571

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2021/jun/02/security-releases/

Release Date: 2021-06-08

Fix Resolution: Django - 2.2.24, 3.1.12, 3.2.4
