python-django vulnerabilities

Known vulnerabilities in the python-django package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
C SQL Injection	<1:1.10.7-2+deb9u16
M Cross-site Scripting (XSS)	<1:1.10.7-2+deb9u15
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1:1.10.7-2+deb9u15
L CVE-2021-45115	*
L Directory Traversal	*
L Improper Input Validation	*
H Server-Side Request Forgery (SSRF)	<1:1.10.7-2+deb9u14
M Directory Traversal	<1:1.10.7-2+deb9u14
L Cross-site Scripting (XSS)	*
H Unrestricted Upload of File with Dangerous Type	<1:1.10.7-2+deb9u13
M Directory Traversal	<1:1.10.7-2+deb9u12
M HTTP Request Smuggling	<1:1.10.7-2+deb9u11
M Directory Traversal	<1:1.10.7-2+deb9u10
M Cross-site Scripting (XSS)	<1:1.10.7-2+deb9u9
M Improper Certificate Validation	<1:1.10.7-2+deb9u9
H SQL Injection	<1:1.10.7-2+deb9u17
C SQL Injection	<1:1.10.7-2+deb9u8
C Weak Password Recovery Mechanism for Forgotten Password	<1:1.10.7-2+deb9u7
H Resource Exhaustion	<1:1.10.7-2+deb9u6
C SQL Injection	<1:1.10.7-2+deb9u6
H Resource Exhaustion	<1:1.10.7-2+deb9u6
H Uncontrolled Recursion	<1:1.10.7-2+deb9u6
M Cleartext Transmission of Sensitive Information	<1:1.10.7-2+deb9u5
M Cross-site Scripting (XSS)	<1:1.10.7-2+deb9u5
H Allocation of Resources Without Limits or Throttling	<1:1.10.7-2+deb9u5
M Improper Input Validation	<1:1.10.7-2+deb9u4
M Open Redirect	<1:1.10.7-2+deb9u2
M Incorrect Regular Expression	<1:1.10.7-2+deb9u1
M Incorrect Regular Expression	<1:1.10.7-2+deb9u1
M Cross-site Scripting (XSS)	<1:1.10.7-2+deb9u2
M Open Redirect	<1:1.10.7-1
M Open Redirect	<1:1.10.7-1
C Use of Hard-coded Credentials	<1:1.10.3-1
H Access Restriction Bypass	<1:1.10.3-1
L Security Features	<1:1.10-1
M Cross-site Scripting (XSS)	<1:1.9.8-1
L Information Exposure	<1.9.4-1
H Cross-site Scripting (XSS)	<1.9.4-1
M Improper Access Control	<1.9.2-1
M Information Exposure	<1.8.7-1
M Resource Management Errors	<1.7.10-1
M Resource Management Errors	<1.7.10-1
H Resource Management Errors	<1.7.9-1
M Improper Input Validation	<1.7.9-1
M Cross-site Scripting (XSS)	<1.7.7-1
M Resource Management Errors	<1.7.7-1
M Cross-site Scripting (XSS)	<1.7.6-1
M Code	<1.7.1-1.1
M Code	<1.7.1-1.1
M Cross-site Scripting (XSS)	<1.7.1-1.1
M Resource Management Errors	<1.7.1-1.1
M Improper Input Validation	<1.6.6-1
M Resource Management Errors	<1.6.6-1
L Access Restriction Bypass	<1.6.6-1
M Improper Authentication	<1.6.6-1
M CVE-2014-1418	<1.6.5-1
M Improper Input Validation	<1.6.5-1
C Resource Management Errors	<1.6.3-1
M Arbitrary Code Injection	<1.6.3-1
M Access Restriction Bypass	<1.6.3-1
M Cross-site Scripting (XSS)	<1.5.2-1
M Cross-site Scripting (XSS)	<1.5.2-1
M Improper Authentication	<1.5.4-1
M Directory Traversal	<1.5.3-1
M Information Exposure	<1.4.4-1
M Numeric Errors	<1.4.4-1
M Information Exposure	<1.4.4-1
M Improper Input Validation	<1.4.2-1
M Out-of-Bounds	<1.4.1-1
M Cross-site Scripting (XSS)	<1.4.1-1
M Improper Input Validation	<1.4.1-1
M Improper Input Validation	<1.3.1-1
M Improper Input Validation	<1.3.1-1
M Resource Management Errors	<1.3.1-1
M Cross-site Request Forgery (CSRF)	<1.3.1-1
M Improper Input Validation	<1.3.1-1
M Cross-site Scripting (XSS)	<1.2.5-1
M Cross-site Request Forgery (CSRF)	<1.2.5-1
M Improper Input Validation	<1.2.4-1
M Access Restriction Bypass	<1.2.4-1
L Cross-site Scripting (XSS)	<1.2.3-1
M CVE-2009-3695	<1.1.1-1
L Directory Traversal	<1.1-1
M Cross-site Request Forgery (CSRF)	<1.0-1
L Cross-site Scripting (XSS)	<0.96.2-1
L Cross-site Request Forgery (CSRF)	<1.2.1
L Resource Management Errors	<0.96-1.1
M CVE-2007-0405	<0.95.1-1
H CVE-2007-0404	<0.95.1-1

Vulnerability

Vulnerable Version

SQL Injection

<1:1.10.7-2+deb9u16

Cross-site Scripting (XSS)

<1:1.10.7-2+deb9u15

Loop with Unreachable Exit Condition ('Infinite Loop')

<1:1.10.7-2+deb9u15

CVE-2021-45115