Vulnerability	Vulnerable Version
C Class Pollution django-unicorn is an A magical full-stack framework for Django. Affected versions of this package are vulnerable to Class Pollution in the `set_property_value()` function. An attacker can manipulate the Python runtime environment and trigger unintended behaviors by providing malicious values in a component request. The `property_name` parameter accepts directory-traversing pathname values, which the attacker can use to point to an arbitrary location in the Python runtime, and the `property_value` can hold an arbitrary malicious value, including a global (`__`/dunder) property. Several kinds of undesirable impact have been demonstrated based on the manipulation of other modules by polluting their dependency paths in this way. Impacts include cross-site scripting, denial of service and authentication bypass by overwriting a secret key. How to fix Class Pollution? Upgrade `django-unicorn` to version 0.62.0 or higher.	[,0.62.0)
M Cross-site Scripting (XSS) django-unicorn is an A magical full-stack framework for Django. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to incomplete sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. How to fix Cross-site Scripting (XSS)? Upgrade `django-unicorn` to version 0.36.1 or higher.	[,0.36.1)
M Cross-site Scripting (XSS) django-unicorn is an A magical full-stack framework for Django. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via `component.name`. How to fix Cross-site Scripting (XSS)? Upgrade `django-unicorn` to version 0.36.1 or higher.	[,0.36.1)

Go back to all versions of this package