SQL Injection
Affected versions of this package are vulnerable to SQL Injection via the django.db.models.fields.json.HasKey lookup on Oracle, if untrusted data is used as the lhs (left-hand side) value. An attacker can manipulate SQL queries and read or alter database information.
Note: Applications that use the jsonfield.has_key lookup through the __ syntax are unaffected.
How to fix SQL Injection? Upgrade django to version 4.2.17, 5.0.10, 5.1.4 or higher.
Affected ranges: [,4.2.17), [5.0,5.0.10), [5.1a1,5.1.4)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) via inputs containing large sequences of nested, incomplete HTML entities submitted to the strip_tags() function and the striptags template filter. An attacker can cause the application to consume excessive resources.
How to fix Denial of Service (DoS)? Upgrade django to version 4.2.17, 5.0.10, 5.1.4 or higher.
Affected ranges: [,4.2.17), [5.0,5.0.10), [5.1a1,5.1.4)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) because the django.utils.html.urlize() and django.utils.html.urlizetrunc() functions (also exposed as template filters) do not account for very large inputs containing intermediate semicolons (;).
How to fix Denial of Service (DoS)? Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.
Affected ranges: [,4.2.16), [5.0a1,5.0.9), [5.1a1,5.1.1)
Improper Check for Unusual or Exceptional Conditions
Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions because the django.contrib.auth.forms.PasswordResetForm class did not handle failures while sending the reset email. An attacker can enumerate user email addresses by submitting password reset requests in bulk and observing which ones fail.
How to fix Improper Check for Unusual or Exceptional Conditions? Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.
Affected ranges: [,4.2.16), [5.0a1,5.0.9), [5.1a1,5.1.1)
SQL Injection
Affected versions of this package are vulnerable to SQL Injection via the QuerySet.values() and values_list() methods on models with a JSONField. An attacker who controls a positional argument (*arg) can pass a maliciously crafted JSON object key, which is used as a column alias without sufficient validation.
How to fix SQL Injection? Upgrade django to version 4.2.15, 5.0.8 or higher.
Uncontrolled Resource Consumption
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption via the floatformat() template filter, when it is given the string representation of a number in scientific notation with a very large exponent.
How to fix Uncontrolled Resource Consumption? Upgrade django to version 4.2.15, 5.0.8 or higher.
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) via inputs containing a very large number of Unicode characters passed to the urlize and urlizetrunc template filters, or to the AdminURLFieldWidget widget.
How to fix Denial of Service (DoS)? Upgrade django to version 4.2.15, 5.0.8 or higher.
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) via very large inputs containing a specific sequence of characters passed to the urlize() and urlizetrunc() template filters.
How to fix Denial of Service (DoS)? Upgrade django to version 4.2.15, 5.0.8 or higher.
Timing Attack
Affected versions of this package are vulnerable to Timing Attack via the django.contrib.auth.backends.ModelBackend.authenticate() method. Login requests for users whose password is set to unusable take a measurably different amount of time from other login requests, allowing remote attackers to enumerate which accounts exist.
How to fix Timing Attack? Upgrade django to version 4.2.14, 5.0.7 or higher.
Directory Traversal
Affected versions of this package are vulnerable to Directory Traversal via subclasses of django.core.files.storage.Storage that override generate_filename() without replicating the file path validations of the parent class. Certain inputs passed to the save() method could then reach data outside the storage's intended scope.
Note: The built-in Storage subclasses are not affected by this vulnerability.
How to fix Directory Traversal? Upgrade django to version 4.2.14, 5.0.7 or higher.
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.translation.get_supported_language_variant() function due to improper validation of user input. An attacker can exploit this by supplying very long strings containing specific characters, which could lead to a system crash.
How to fix Denial of Service (DoS)? Upgrade django to version 4.2.14, 5.0.7 or higher.
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) via the django.utils.html.urlize() and django.utils.html.urlizetrunc() functions. Inputs containing a very large number of brackets could lead to a system crash.
How to fix Denial of Service (DoS)? Upgrade django to version 4.2.14, 5.0.7 or higher.
Regular Expression Denial of Service (ReDoS)
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in django.utils.text.Truncator.words(), whose performance degrades when processing malicious input containing repeated < characters.
Note: The function is only vulnerable when html=True is set, which is how the truncatewords_html template filter calls it.
How to fix Regular Expression Denial of Service (ReDoS)? Upgrade django to version 3.2.25, 4.2.11, 5.0.3 or higher.
Affected ranges: [,3.2.25), [4.0a1,4.2.11), [5.0a1,5.0.3)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) via the NFKC normalization performed in django.contrib.auth.forms.UsernameField. An attack can be executed by submitting inputs containing a very large number of Unicode characters.
Note: This vulnerability is only exploitable on Windows systems.
How to fix Denial of Service (DoS)? Upgrade django to version 3.2.23, 4.1.13, 4.2.7 or higher.
Affected ranges: [,3.2.23), [4.0a1,4.1.13), [4.2a1,4.2.7)
Regular Expression Denial of Service (ReDoS)
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the chars() and words() methods of the django.utils.text.Truncator class. The regular expression used to handle HTML input backtracks excessively on certain long and potentially malformed HTML inputs, so an attacker can cause a denial of service by submitting such input.
How to fix Regular Expression Denial of Service (ReDoS)? Upgrade django to version 3.2.22, 4.1.12, 4.2.6 or higher.
Affected ranges: [,3.2.22), [4.0,4.1.12), [4.2,4.2.6)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.encoding.uri_to_iri() function when processing inputs containing a large number of Unicode characters.
How to fix Denial of Service (DoS)? Upgrade django to version 3.2.21, 4.1.11, 4.2.5 or higher.
Affected ranges: [,3.2.21), [4.0a1,4.1.11), [4.2a1,4.2.5)
Regular Expression Denial of Service (ReDoS)
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the EmailValidator and URLValidator classes, when processing emails or URLs containing a very large number of domain name labels.
How to fix Regular Expression Denial of Service (ReDoS)? Upgrade django to version 3.2.20, 4.1.10, 4.2.3 or higher.
Affected ranges: [,3.2.20), [4.0a1,4.1.10), [4.2a1,4.2.3)
Arbitrary File Upload
Affected versions of this package are vulnerable to Arbitrary File Upload: when multiple files were uploaded through a single forms.FileField or forms.ImageField, only the last file was validated, so validation was bypassed for all the others.
How to fix Arbitrary File Upload? Upgrade django to version 3.2.19, 4.1.9, 4.2.1 or higher.
Affected ranges: [,3.2.19), [4.1a1,4.1.9), [4.2a1,4.2.1)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data in http/multipartparser.py. An attacker can trigger the opening of a large number of uploaded files that are never closed, exhausting memory or file handles.
How to fix Denial of Service (DoS)? Upgrade django to version 3.2.18, 4.0.10, 4.1.7 or higher.
Affected ranges: [,3.2.18), [4.0a1,4.0.10), [4.1a1,4.1.7)
Reflected File Download (RFD)
Affected versions of this package are vulnerable to Reflected File Download (RFD) because the Content-Disposition header of a FileResponse could be controlled when the filename is derived from user-supplied input.
How to fix Reflected File Download (RFD)? Upgrade django to version 3.2.15, 4.0.7, 4.1 or higher.
Affected ranges: [,3.2.15), [4.0a1,4.0.7), [4.1rc1,4.1)
SQL Injection
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Affected versions of this package are vulnerable to SQL Injection via the Trunc(kind) and Extract(lookup_name) arguments, if untrusted data is used as the kind or lookup_name value.
Note: Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
Django 4.1 pre-release versions (4.1a1, 4.1a2) are also affected by this issue; avoid the 4.1 branch until 4.1.0 is released.
How to fix SQL Injection? Upgrade Django to version 3.2.14, 4.0.6 or higher.
SQL Injection
Affected versions of this package are vulnerable to SQL Injection via QuerySet.explain(**options) on PostgreSQL: a suitably crafted dictionary, passed with dictionary expansion as the **options argument, allowed injection through the option names.
How to fix SQL Injection? Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.
Affected ranges: [,2.2.28), [3.0,3.2.13), [4.0,4.0.4)
SQL Injection
Affected versions of this package are vulnerable to SQL Injection in the QuerySet.annotate(), aggregate() and extra() methods: a suitably crafted dictionary, passed with dictionary expansion as the **kwargs of these methods, allowed injection through the column aliases derived from its keys.
How to fix SQL Injection? Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.
Affected ranges: [,2.2.28), [3.0,3.2.13), [4.0,4.0.4)
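The column-alias problem in this entry and in the QuerySet.values()/values_list() JSONField entry above is the same pattern: a dictionary key that the caller controls is interpolated into the SELECT list as an alias. The following is an added example, not Django's code, that reproduces the pattern against an in-memory SQLite table and then shows an allow-list check plus identifier quoting that closes it. The account table, its columns and the payload are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample schema (not a real application's): api_secret must never
# appear in a report that lets the caller choose how columns are labelled.
SAMPLE_SCHEMA = """
CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT, api_secret TEXT);
INSERT INTO account VALUES (1, 'alice', 'secret-alice'), (2, 'bob', 'secret-bob');
"""


def connect():
    """Open an in-memory SQLite database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    return conn


def run(conn, sql):
    """Execute sql and return (column names, rows)."""
    cur = conn.execute(sql)
    return [d[0] for d in cur.description], cur.fetchall()


def select_vulnerable(conn, **aliases):
    """Flawed pattern: each dictionary key becomes a SQL alias verbatim.

    aliases maps alias -> application-chosen column name. Only the alias (the key)
    is attacker-controlled here, mirroring **kwargs expansion from request data.
    """
    select_list = ", ".join(f"{column} AS {alias}" for alias, column in aliases.items())
    return run(conn, f"SELECT {select_list} FROM account ORDER BY id")


# Allow-list for aliases: a plain SQL identifier and nothing else. Rejecting
# everything outside this set is easier to reason about than a deny-list of
# quotes, semicolons and comment markers.
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def alias_is_safe(alias):
    return bool(IDENTIFIER.match(alias))


def check_alias(alias):
    if not alias_is_safe(alias):
        raise ValueError(f"invalid column alias {alias!r}")
    return alias


def quote_name(name):
    """Quote an identifier using double quotes (SQLite and PostgreSQL style)."""
    return '"' + name.replace('"', '""') + '"'


def select_hardened(conn, **aliases):
    """Same query shape, but every alias is validated and then quoted."""
    select_list = ", ".join(
        f"{column} AS {quote_name(check_alias(alias))}" for alias, column in aliases.items()
    )
    return run(conn, f"SELECT {select_list} FROM account ORDER BY id")


if __name__ == "__main__":
    conn = connect()
    # A crafted key smuggles a second select-list item in behind the intended alias.
    payload = {"name, api_secret AS leaked": "username"}
    print(select_vulnerable(conn, **payload))  # leaks the api_secret column
    print(select_hardened(conn, name="username"))
    try:
        select_hardened(conn, **payload)
    except ValueError as exc:
        print("rejected:", exc)
```

The hardened version validates and quotes only the alias; the column expressions stay application-controlled, as they are in an ORM call. The identifier allow-list is deliberately stricter than a deny-list of quotes, semicolons and comment markers, since a deny-list has to anticipate every backend's lexical quirks.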
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the {% debug %} template tag, which does not properly encode the current context and outputs context variables unescaped.
How to fix Cross-site Scripting (XSS)? Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.
Affected ranges: [,2.2.27), [3.0,3.2.12), [4.0,4.0.2)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) via an infinite loop in the file parsing of multipart forms, triggered by certain inputs.
How to fix Denial of Service (DoS)? Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.
Affected ranges: [,2.2.27), [3.0,3.2.12), [4.0,4.0.2)
Directory Traversal
Affected versions of this package are vulnerable to Directory Traversal via Storage.save().
Note: this is exploitable only if crafted file names are passed directly to the save() function.
How to fix Directory Traversal? Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.
Affected ranges: [,2.2.26), [3.0,3.2.11), [4.0,4.0.1)
Information Exposure
Affected versions of this package are vulnerable to Information Exposure via the dictsort template filter: by supplying a maliciously crafted key, an attacker could leverage the Django Template Language's variable resolution logic to disclose information the template did not intend to expose.
Note: all untrusted user input should be validated before use.
How to fix Information Exposure? Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.
Affected ranges: [,2.2.26), [3.0,3.2.11), [4.0,4.0.1)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) via UserAttributeSimilarityValidator, when evaluating submitted passwords that are extremely large relative to the comparison values. Newer versions mitigate this by ignoring overly long values in UserAttributeSimilarityValidator.
Note: this is exploitable under the assumption that access to user registration is unrestricted.
How to fix Denial of Service (DoS)? Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.
Affected ranges: [,2.2.26), [3.0,3.2.11), [4.0,4.0.1)
Access Restriction Bypass
Affected versions of this package are vulnerable to Access Restriction Bypass: HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
How to fix Access Restriction Bypass? Upgrade Django to version 2.2.25, 3.1.14, 3.2.10 or higher.
Affected ranges: [,2.2.25), [3.0,3.1.14), [3.2,3.2.10)
Directory Traversal
Affected versions of this package are vulnerable to Directory Traversal via the admindocs TemplateDetailView.
How to fix Directory Traversal? Upgrade Django to version 2.2.24, 3.1.12, 3.2.4 or higher.
Affected ranges: [,2.2.24), [3.1,3.1.12), [3.2,3.2.4)
HTTP Header Injection
Affected versions of this package are vulnerable to HTTP Header Injection. Starting with Python 3.9.5, urllib.parse automatically removes ASCII newlines and tabs from URLs (the change made for bpo-43882). URLValidator uses urllib.parse.urlsplit() and urlunsplit() to build a Punycode variant of the URL, and on Python 3.9.5+ that variant no longer contains the newlines and tabs. As a consequence, the regular expression matched the sanitized variant, and the original value, still containing the unsafe characters, was accepted as valid.
How to fix HTTP Header Injection? Upgrade Django to version 2.2.22, 3.1.10, 3.2.2 or higher.
Affected ranges: [,2.2.22), [3.0,3.1.10), [3.2,3.2.2)
Directory Traversal
Affected versions of this package are vulnerable to Directory Traversal: MultiPartParser, UploadedFile and FieldFile allow directory traversal via uploaded files with suitably crafted file names.
How to fix Directory Traversal? Upgrade Django to version 2.2.21, 3.1.9, 3.2.1 or higher.
Affected ranges: [,2.2.21), [3.0,3.1.9), [3.2,3.2.1)
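The three file-name traversal entries on this page (the generate_filename() override case, Storage.save() with crafted names, and the multipart upload case in this entry) come down to one check: a name must stay a bare file name or, where a relative path is allowed, must not resolve above the storage root, and the check has to run again after any overridable hook. The following added example (not Django's implementation; the Storage and PrefixedStorage classes and the /srv/media root are assumptions) implements that check with posixpath so the results are deterministic on any platform.

```python
import posixpath


class SuspiciousFileOperation(Exception):
    """Raised when a file name would escape the storage root."""


def validate_file_name(name, allow_relative_path=False):
    """Reject names that are empty, are '.' or '..', are absolute, or climb above the root.

    With allow_relative_path=False only a bare file name (no directory part) is accepted,
    which is the right restriction for a client-supplied upload name.
    """
    base = posixpath.basename(name)
    if base in ("", ".", ".."):
        raise SuspiciousFileOperation(f"could not derive file name from {name!r}")
    if allow_relative_path:
        path = posixpath.normpath(name)
        if path.startswith("/") or path == ".." or path.startswith("../"):
            raise SuspiciousFileOperation(f"detected path traversal in {name!r}")
    elif name != base:
        raise SuspiciousFileOperation(f"file name {name!r} includes a path component")
    return name


def safe_join(root, *paths):
    """Join paths under root and refuse the result if it resolves outside root."""
    root = posixpath.normpath(root)
    final = posixpath.normpath(posixpath.join(root, *paths))
    if final != root and not final.startswith(root.rstrip("/") + "/"):
        raise SuspiciousFileOperation(f"{final!r} is outside {root!r}")
    return final


def escapes_root(path, root):
    """True if path, once normalized, lies outside root."""
    root = posixpath.normpath(root)
    path = posixpath.normpath(path)
    return path != root and not path.startswith(root.rstrip("/") + "/")


class Storage:
    """Minimal stand-in for a storage backend (assumed API, not Django's class)."""

    def __init__(self, location):
        self.location = location

    def generate_filename(self, filename):
        # Hook that subclasses override to add date-based or per-user prefixes.
        return validate_file_name(filename, allow_relative_path=True)

    def save_vulnerable(self, name):
        # Trusts whatever generate_filename() returned: an override that drops the
        # validation hands back a name that can climb out of the root.
        return posixpath.join(self.location, self.generate_filename(name))

    def save(self, name):
        # Re-validates after the hook, so a careless override cannot escape the root.
        name = validate_file_name(self.generate_filename(name), allow_relative_path=True)
        return safe_join(self.location, name)


class PrefixedStorage(Storage):
    """Hypothetical override of the kind described above: it prepends a directory
    but does not replicate the parent's validation."""

    def generate_filename(self, filename):
        return "uploads/" + filename


def is_rejected(storage, name):
    """True if storage.save(name) refuses the name."""
    try:
        storage.save(name)
    except SuspiciousFileOperation:
        return True
    return False


if __name__ == "__main__":
    store = PrefixedStorage("/srv/media")
    crafted = "../../etc/passwd"  # constructed traversal payload
    print(store.save_vulnerable(crafted), escapes_root(store.save_vulnerable(crafted), "/srv/media"))
    print(store.save("photos/../cat.png"))
    print(is_rejected(store, crafted))
```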
SQL Injection
Affected versions of this package are vulnerable to SQL Injection via the "tolerance" parameter of GIS functions and aggregates on Oracle.
How to fix SQL Injection? Upgrade Django to version 1.11.29, 2.2.11, 3.0.4 or higher.
Affected ranges: [,1.11.29), [2.2,2.2.11), [3.0,3.0.4)
Content Spoofing
Affected versions of this package are vulnerable to Content Spoofing. The default 404 page did not properly handle user-supplied data: an attacker could supply content, typically via a parameter value, that is reflected back to the user, presenting a modified page in the context of the trusted domain.
How to fix Content Spoofing? Upgrade Django to version 1.11.18, 2.0.10, 2.1.5 or higher.
Affected ranges: [,1.11.18), [2.0.0,2.0.10), [2.1.0,2.1.5)
Open Redirect
Affected versions of this package are vulnerable to Open Redirect. If django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and the project has a URL pattern that accepts any path ending in a slash, a malicious user could craft a URL on that site that redirects to another site.
How to fix Open Redirect? Upgrade django to version 1.11.15, 2.0.8, 2.1 or higher.
Open Redirect
Affected versions of this package are vulnerable to Open Redirect: a maliciously crafted URL to a Django site using the django.views.static.serve() view could redirect to any other domain.
How to fix Open Redirect? Upgrade django to version 1.8.18, 1.9.13, 1.10.7 or higher.
Affected ranges: [,1.8.18), [1.9,1.9.13), [1.10,1.10.7)
Open Redirect
Affected versions of this package are vulnerable to Open Redirect. Django relies on user input in some cases to redirect the user to an "on success" URL. The safety check for these redirects, django.utils.http.is_safe_url(), considered some numeric URLs safe when they were not, which is an open redirect. A developer who relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link could also be exposed to XSS.
How to fix Open Redirect? Upgrade django to version 1.8.18, 1.9.13, 1.10.7 or higher.
Affected ranges: [,1.8.18), [1.9,1.9.13), [1.10,1.10.7)
DNS Rebinding
Affected versions of this package are vulnerable to DNS Rebinding attacks. When settings.DEBUG is True, the HTTP Host header is not validated against settings.ALLOWED_HOSTS, making it possible to manipulate the host header. This is at least a cross-site scripting vector, and it can be quite serious if developers load a copy of the production database in development or connect to production services for which there is no development instance. If the project uses a package like django-debug-toolbar, the attacker could also execute arbitrary SQL.
Affected ranges: [,1.8.16), [1.9,1.9.11), [1.10,1.10.3)
Use of Hardcoded DB Password
Affected versions of this package used a hardcoded password for the temporary database user created when running tests against an Oracle database. This user is normally dropped after the test suite completes, but not when the manage.py test --keepdb option is used or when the user still has an active session. This makes it easier for remote attackers to obtain access to the database.
Affected ranges: [,1.8.16), [1.9,1.9.11), [1.10,1.10.3)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks triggered during deserialization of XML data. This vulnerability is related to CVE-2013-1664.
Cross-site Request Forgery (CSRF)
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) attacks. The cookie parsing code, when used on a site with Google Analytics, may allow remote attackers to set arbitrary cookies, leading to a bypass of CSRF protection.
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The dismissChangeRelatedObjectPopup function uses JavaScript's Element.innerHTML unsafely, allowing remote attackers to forge content in the admin's add/change popup.
Timing Attack
Affected versions of this package are vulnerable to Timing Attacks. There is a timing difference between a login request for a user whose password was hashed with an older (smaller) number of iterations and a login request for a nonexistent user, which runs the default hasher with its default number of iterations. This only affects users who have not logged in since the iteration count was increased in Django 1.6.
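Both timing entries on this page, this one (older iteration counts) and the ModelBackend.authenticate() entry above (unusable passwords), are the same failure: some code path returns without doing the full hashing work, so response time reveals account state. The following is an added example, not Django's code, built around a small PBKDF2 hasher that records the iterations it performed, so the difference can be checked without measuring wall-clock time. The work factor, user table and salts are constructed for illustration.

```python
import hashlib
import hmac

DEFAULT_ITERATIONS = 20_000  # hypothetical work factor, not Django's real default
UNUSABLE_PREFIX = "!"        # marker for accounts that cannot log in with a password


class PBKDF2Hasher:
    """PBKDF2-HMAC-SHA256 hasher that records how much work each call did."""

    def __init__(self, iterations=DEFAULT_ITERATIONS):
        self.iterations = iterations
        self.work = 0  # total PBKDF2 iterations performed; a proxy for elapsed time

    def _pbkdf2(self, password, salt, iterations):
        self.work += iterations
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()

    def encode(self, password, salt, iterations=None):
        iterations = iterations or self.iterations
        return f"pbkdf2_sha256${iterations}${salt}${self._pbkdf2(password, salt, iterations)}"

    def verify(self, password, encoded, harden=True):
        _algo, iterations, salt, digest = encoded.split("$")
        iterations = int(iterations)
        ok = hmac.compare_digest(self._pbkdf2(password, salt, iterations), digest)
        if harden and iterations < self.iterations:
            # The stored hash uses an older, smaller work factor: burn the difference so
            # that verifying it costs the same as verifying a current-strength hash.
            self._pbkdf2(password, salt, self.iterations - iterations)
        return ok


def sample_users(hasher):
    """Constructed user table: a current hash, a legacy (weaker) hash, an unusable password."""
    return {
        "alice": hasher.encode("correct horse", "salt-alice"),
        "legacy": hasher.encode("battery staple", "salt-legacy", iterations=hasher.iterations // 2),
        "svc": UNUSABLE_PREFIX + "no-password-login",
    }


def authenticate_vulnerable(username, password, users, hasher):
    """Leaks account state: unknown users cost one full hash, others cost less or nothing."""
    encoded = users.get(username)
    if encoded is None:
        hasher.encode(password, "dummy-salt")  # dummy hash only for unknown users
        return None
    if encoded.startswith(UNUSABLE_PREFIX):
        return None  # short-circuits: a fast refusal reveals that the account exists
    return username if hasher.verify(password, encoded, harden=False) else None


def authenticate_fixed(username, password, users, hasher):
    """Every path performs a full-cost hash before answering."""
    encoded = users.get(username)
    if encoded is None or encoded.startswith(UNUSABLE_PREFIX):
        hasher.encode(password, "dummy-salt")
        return None
    return username if hasher.verify(password, encoded, harden=True) else None


def work_for(authenticate, username, password, users, hasher):
    """Return the PBKDF2 iterations one login attempt cost; equal values mean no timing signal."""
    before = hasher.work
    authenticate(username, password, users, hasher)
    return hasher.work - before


if __name__ == "__main__":
    hasher = PBKDF2Hasher()
    users = sample_users(hasher)
    for auth in (authenticate_vulnerable, authenticate_fixed):
        costs = {u: work_for(auth, u, "x", users, hasher) for u in ("alice", "legacy", "svc", "nobody")}
        print(auth.__name__, costs)
```

Counting iterations isolates the hashing cost; a real measurement also includes the database lookup and other per-request work, which is why the equalization has to cover every early-return path rather than just the "user not found" one.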
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The utils.http.is_safe_url function allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks, or possibly Cross-site Scripting (XSS) attacks, via a URL containing basic authentication. For example, the URL http://mysite.example.com\@attacker.com would be considered safe if the request's host is mysite.example.com, but redirecting to it sends the user to attacker.com.
Information Exposure
Affected versions of this package are vulnerable to Information Exposure. It is possible for a user to specify the date format passed to the date filter, e.g. {{ last_updated|date:user_date_format }}. An attacker could send a settings key (such as SECRET_KEY) instead of a date format and obtain any secret in the application's settings.
How to fix Information Exposure? Upgrade django to version 1.7.11, 1.8.7 or higher.
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. If a large number of requests were made to contrib.auth.views.logout, they would trigger the creation of empty session records, causing high session store consumption.
How to fix Denial of Service (DoS)? Upgrade django to version 1.4.22, 1.7.10, 1.8.4 or higher.
Affected ranges: [,1.4.22), [1.5,1.7.10), [1.8,1.8.4)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. The contrib.sessions.backends.base.SessionBase.flush and cache_db.SessionStore.flush functions create empty sessions, causing session store consumption.
How to fix Denial of Service (DoS)? Upgrade django to version 1.4.22, 1.7.10, 1.8.4 or higher.
Affected ranges: [,1.4.22), [1.5,1.7.10), [1.8,1.8.4)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. When multiple requests with unique session keys are sent, the session backends create new empty records in the session storage, which can fill the session store.
How to fix Denial of Service (DoS)? Upgrade django to version 1.4.21, 1.7.9, 1.8.3 or higher.
Affected ranges: [,1.4.21), [1.5,1.7.9), [1.8,1.8.3)
HTTP Response Splitting
Affected versions of this package are vulnerable to HTTP Response Splitting attacks due to the use of an incorrect regular expression: newline characters were accepted in email addresses (by EmailValidator), in URLs (by URLValidator) and in other places. An attacker can leverage this to inject arbitrary headers and conduct HTTP response splitting attacks.
Affected ranges: [,1.4.21), [1.5,1.7.9), [1.8,1.8.3)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. When a long string is passed to the utils.html.strip_tags function, an infinite loop occurs.
Note: This occurs only when using Python <2.7.7 or =3.3.5.
Affected ranges: [,1.4.20), [1.5,1.6.11), [1.7,1.7.7)
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The utils.http.is_safe_url function did not properly validate URLs, allowing URLs such as \x08javascript: (a control character followed by a javascript: scheme) to be treated as safe.
Affected ranges: [,1.4.20), [1.5,1.6.11), [1.7,1.7.7)
WSGI Header Spoofing
Affected versions of this package are vulnerable to WSGI header spoofing. A malicious user could exploit this by using an _ character instead of a - in an HTTP header name. In the WSGI environ, the X-Auth-User and X-Auth_User headers are both converted to HTTP_X_AUTH_USER, allowing the attacker to override a header that an upstream proxy set and bypass the protection it provided.
Affected ranges: [,1.4.18), [1.5,1.6.10), [1.7,1.7.3)
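An added example (not Django's code) of the collision this entry describes: the CGI/WSGI rule for turning header names into environ keys is lossy, so a header the client invents with an underscore lands on the same key as the one the proxy set. The raw request below is constructed; the proxy header name X-Auth-User is taken from the entry.

```python
# Constructed request as it might reach a WSGI server behind a proxy that sets
# X-Auth-User for authenticated clients. The client added its own X-Auth_User header.
RAW_REQUEST = (
    "GET /admin/ HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "X-Auth-User: alice\r\n"
    "X-Auth_User: admin\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return the (name, value) pairs of a raw HTTP/1.1 request head, in wire order."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs


def environ_key(header_name):
    """CGI/WSGI convention: upper-case the name, replace '-' with '_', prefix HTTP_."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_environ_naive(headers):
    """Maps every header; names differing only by '-' vs '_' collide and the last one wins."""
    environ = {}
    for name, value in headers:
        environ[environ_key(name)] = value
    return environ


def build_environ_hardened(headers):
    """Drops any header whose name contains an underscore before it can collide.

    The proxy in front of the application should do the same, so that the application
    never sees a header name that can be spoofed this way.
    """
    environ = {}
    for name, value in headers:
        if "_" in name:
            continue
        environ[environ_key(name)] = value
    return environ


def colliding_names(headers):
    """Return the groups of distinct header names that map to one environ key."""
    by_key = {}
    for name, _ in headers:
        by_key.setdefault(environ_key(name), set()).add(name)
    return [names for names in by_key.values() if len(names) > 1]


if __name__ == "__main__":
    headers = parse_headers(RAW_REQUEST)
    print("collisions:", colliding_names(headers))
    print("naive:", build_environ_naive(headers)["HTTP_X_AUTH_USER"])
    print("hardened:", build_environ_hardened(headers)["HTTP_X_AUTH_USER"])
```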
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The is_safe_url() function did not properly handle leading whitespace, which allows remote attackers to craft URLs like \njavascript: that pass the check.
Affected ranges: [,1.4.18), [1.5,1.6.10), [1.7,1.7.3)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. The serve() view reads files one entire line at a time, which allows remote attackers to cause high memory consumption via a long line in a file.
Affected ranges: [,1.4.18), [1.5,1.6.10), [1.7,1.7.3)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. When a form uses show_hidden_initial=True with a ModelMultipleChoiceField, an attacker can cause a large number of SQL queries by submitting duplicate values for the field's data.
Affected ranges: [,1.4.18), [1.5,1.6.10), [1.7,1.7.3)
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. The default file upload handling uses a sequential file name generation process when a file with a conflicting name is uploaded. An attacker can cause high CPU consumption by uploading many files with the same name.
Affected ranges: [,1.4.14), [1.5,1.5.9), [1.6,1.6.6)
Information Exposure
Affected versions of this package are vulnerable to Information Exposure. The administrative interface (contrib.admin) does not check whether a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via the to_field parameter in a popup action on an admin change form page.
Affected ranges: [,1.4.14), [1.5,1.5.9), [1.6,1.6.6)
Malicious Link Generation
Affected versions of this package are vulnerable to phishing via malicious link generation. The reverse() function did not properly validate its input: when user input begins with two forward slashes (//), reverse() could generate a scheme-relative URL pointing at another host, allowing an attacker to generate links to sites of their choice.
Affected ranges: [,1.4.14), [1.5,1.5.9), [1.6,1.6.6)
Session Hijacking
Affected versions of this package are vulnerable to Session Hijacking. RemoteUserMiddleware, when used with the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via the REMOTE_USER header, because logout/login transitions are not checked.
Affected ranges: [,1.4.14), [1.5,1.5.9), [1.6,1.6.6)
Web Cache Poisoning
Affected versions of this package are vulnerable to Web Cache Poisoning. Django does not properly include the Vary: Cookie or Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
How to fix Web Cache Poisoning? Upgrade Django to version 1.4.13, 1.5.8, 1.6.5 or higher.
Affected ranges: [,1.4.13), [1.5,1.5.8), [1.6,1.6.5)
Open Redirect
Affected versions of this package are vulnerable to Open Redirect. The http.is_safe_url() function does not properly validate URLs such as http:\\\djangoproject.com, so a user could be redirected to an unsafe URL unexpectedly.
Affected ranges: [,1.4.13), [1.5,1.5.8), [1.6,1.6.5)
Cross-site Request Forgery (CSRF)
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) attacks. The caching framework reused a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protection by reading the CSRF cookie of anonymous users.
How to fix Cross-site Request Forgery (CSRF)? Upgrade to version 1.4.11, 1.5.6, 1.6.3, 1.7b2 or greater.
Affected ranges: [,1.4.11), [1.5,1.5.6), [1.6,1.6.3), [1.7,1.7.1)
SQL Injection
Affected versions of this package are vulnerable to SQL Injection. The FilePathField, GenericIPAddressField and IPAddressField model field classes do not properly perform type conversion, which allows remote attackers to have unspecified impact via unspecified vectors, related to "MySQL typecasting".
How to fix SQL Injection? Upgrade Django to version 1.4.11, 1.5.6, 1.6.3, 1.7.1 or higher.
Affected ranges: [,1.4.11), [1.5,1.5.6), [1.6,1.6.3), [1.7,1.7.1)
Arbitrary Code Execution
Affected versions of this package are vulnerable to Arbitrary Code Execution. The django.core.urlresolvers.reverse function allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs from user input using a "dotted Python path".
How to fix Arbitrary Code Execution? Upgrade to version 1.4.11, 1.5.6, 1.6.3, 1.7b2 or greater.
Affected ranges: [,1.4.11), [1.5,1.5.6), [1.6,1.6.3), [1.7,1.7.1)
Directory Traversal
Affected versions of this package are vulnerable to Directory Traversal attacks. In the ssi template tag, the ALLOWED_INCLUDE_ROOTS setting is a path prefix that, combined with .. (dot dot) segments, allows an attacker to read files outside the intended root.
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. The authentication framework (django.contrib.auth) hashes passwords with a function that performs repeated rounds of computation. If a very long password is entered, hashing it causes high CPU consumption; an attacker can submit many such passwords and cause a denial of service.
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The AdminURLFieldWidget widget allows remote attackers to inject arbitrary web script or HTML via a URLField.
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The is_safe_url function treats URLs with schemes such as javascript: as safe, even though the scheme is neither HTTP nor HTTPS.
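Six entries on this page concern django.utils.http.is_safe_url() (numeric URLs, the basic-auth form http://mysite.example.com\@attacker.com, control characters such as \x08 and \n before javascript:, http:\\\djangoproject.com, and non-HTTP schemes), and the URLValidator entry about urlsplit() stripping newlines is the same lesson from the other side. The following is an added example, not Django's implementation, of a redirect-target check written so that every one of those inputs is rejected while relative paths and the site's own host are accepted: it refuses control characters before parsing, requires an explicit scheme to be http(s) followed by //, and parses both the literal string and a copy with backslashes converted to slashes. The host names and test URLs are constructed.

```python
import re
import unicodedata
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
# "scheme:" at the very start of the string. Checked before urlparse() because older
# Python versions parse "http:999999999" as a path rather than as a scheme.
SCHEME_PREFIX = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")


def _one_spelling_allowed(url, allowed_hosts):
    """Decide for a single spelling of url whether it stays on an allowed host."""
    if url.startswith("///"):
        return False  # browsers read this as scheme-relative to a foreign host
    match = SCHEME_PREFIX.match(url)
    if match:
        scheme = url[: match.end() - 1].lower()
        if scheme not in ALLOWED_SCHEMES or not url[match.end():].startswith("//"):
            return False  # "javascript:...", "http:999999999", "http:\\\host"
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    if parts.scheme and not parts.netloc:
        return False  # scheme with no authority, e.g. "http:///host"
    if not parts.netloc:
        return True  # plain relative path such as "/accounts/profile/"
    return (parts.hostname or "") in allowed_hosts  # hostname drops userinfo and port


def url_is_safe_redirect(url, allowed_hosts):
    """Return True only for relative paths or http(s) URLs on an allowed host.

    allowed_hosts must hold lower-case host names. Both the literal string and a copy
    with backslashes turned into slashes must pass, because browsers treat '\\' as '/'
    in the authority while urllib does not.
    """
    if not url or url != url.strip():
        return False  # empty, or surrounding whitespace: " javascript:", "\njavascript:"
    if any(unicodedata.category(ch).startswith("C") for ch in url):
        return False  # control characters anywhere: "\x08javascript:", embedded CR/LF/tab
    return _one_spelling_allowed(url, allowed_hosts) and _one_spelling_allowed(
        url.replace("\\", "/"), allowed_hosts
    )


if __name__ == "__main__":
    hosts = {"mysite.example.com"}  # constructed allow-list
    for candidate in [
        "/accounts/profile/",
        "https://mysite.example.com/next",
        "http://mysite.example.com\\@attacker.example",
        "/\\attacker.example",
        "http:999999999",
        "\x08javascript:alert(1)",
    ]:
        print(repr(candidate), url_is_safe_redirect(candidate, hosts))
```

Parsing both spellings matters because the two bypass classes pull in opposite directions: urllib sees a backslash as an ordinary character (so the literal string can hide a foreign host in what it thinks is userinfo), while a browser sees it as a path separator (so "/\attacker.example" becomes a scheme-relative redirect). Requiring both spellings to pass rejects whichever one a browser would mis-resolve.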
XML External Entity (XXE) Injection
Affected versions of this package are vulnerable to XML External Entity (XXE) attacks. An attacker may be able to read arbitrary files via an XML external entity declaration in conjunction with an entity reference. This vulnerability is related to CVE-2013-1665.
Information Exposure
Affected versions of this package are vulnerable to Information Exposure. The administrative interface did not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Denial of Service (DoS)
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. The form library allows remote attackers to bypass the intended resource limits for formsets by modifying the max_num parameter, causing high memory consumption or server errors.