Download of Code Without Integrity Check
The advisory has been revoked - it doesn't affect any version of package python-django
4 Aug 2022
3 Aug 2022
Introduced: 3 Aug 2022
CVE-2022-36359
Debian security team deemed this advisory irrelevant for
Note: Versions mentioned in the description apply to the upstream
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.
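
One way an application can constrain a user-supplied download name before it reaches the Content-Disposition header, shown as an added example (not Django's patch and not code from this advisory). The function names, the extension allowlist and the fallback name are assumptions made for illustration.

```python
import re
import unicodedata
from pathlib import PureWindowsPath
from urllib.parse import quote

# Hypothetical allowlist: an application lists only the types it really serves.
ALLOWED_EXTENSIONS = {".pdf", ".csv", ".txt", ".png"}


def sanitize_download_name(user_value, default="download.txt"):
    """Reduce a user-supplied name to a safe basename, or return the default."""
    # PureWindowsPath treats both "/" and "\" as separators, so .name drops
    # any directory or drive prefix in either notation.
    name = PureWindowsPath(unicodedata.normalize("NFKC", user_value)).name
    # Replace everything except word characters, dot, dash and space. This
    # removes quotes, backslashes, semicolons and control characters.
    name = re.sub(r"[^\w.\- ]", "_", name).strip(" .")
    stem, _, ext = name.rpartition(".")
    # The final extension decides how the client treats the saved file.
    if not stem or ("." + ext.lower()) not in ALLOWED_EXTENSIONS:
        return default
    return name


def content_disposition(filename, as_attachment=True):
    """Build the header value so the name cannot terminate the quoted string."""
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in filename):
        raise ValueError("control character in filename")
    disposition = "attachment" if as_attachment else "inline"
    try:
        filename.encode("ascii")
    except UnicodeEncodeError:
        # Non-ASCII names use the percent-encoded filename* form.
        return f"{disposition}; filename*=utf-8''{quote(filename)}"
    # Inside a quoted-string, backslash and double quote must be escaped.
    escaped = filename.replace("\\", "\\\\").replace('"', '\\"')
    return f'{disposition}; filename="{escaped}"'


if __name__ == "__main__":
    # Constructed inputs, not taken from the advisory.
    for raw in ['../../etc/q3 report.pdf', 'report";x.bat', 'résumé.pdf']:
        print(repr(raw), "->", content_disposition(sanitize_download_name(raw)))
```

In a Django view the sanitized name would be passed as the `filename` argument of `FileResponse`; upgrading to 3.2.15 or 4.0.7 remains the fix for the affected versions named above.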