CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22199 – Django Template Engine Vulnerable to XSS
https://notcve.org/view.php?id=CVE-2024-22199
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. Este paquete proporciona métodos universales para usar múltiples motores de plantillas con el framework web de Fiber mediante la interfaz de Views. Esta vulnerabilidad afecta específicamente a las aplicaciones web que procesan datos proporcionados por el usuario a través de este motor de plantillas, lo que podría provocar la ejecución de scripts maliciosos en los navegadores de los usuarios cuando visitan las páginas web afectadas. • https://github.com/gofiber/template/commit/28cff3ac4d4c117ab25b5396954676d624b6cb46 https://github.com/gofiber/template/security/advisories/GHSA-4mq2-gc4j-cmw6 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33203 – django: Potential directory traversal via ``admindocs``
https://notcve.org/view.php?id=CVE-2021-33203
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. Django versiones anteriores a 2.2.24, versiones 3.x anteriores a 3.1.12 y versiones 3.2.x anteriores a 3.2.4, presenta un potencial salto de directorio por medio de django.contrib.admindocs. • https://docs.djangoproject.com/en/3.2/releases/security https://groups.google.com/forum/#%21forum/django-announce https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV https://security.netapp.com/advisory/ntap-20210727-0004 https://www.djangoproject.com/weblog/2021/jun/02/security-releases https://access.redhat.com/security/cve/CVE-2021-33203 https://bugzilla.redhat.com/show_bug.cgi?id=1966251 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 14%CPEs: 11EXPL: 0CVE-2020-9402 – django: potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle
https://notcve.org/view.php?id=CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. Django versiones 1.11 anteriores a 1.11.29, versiones 2.2 anteriores a 2.2.11 y versiones 3.0 anteriores a 3.0.4, permite una Inyección SQL si datos no confiables son usados como un parámetro tolerance en funciones GIS y agregados en Oracle. Al pasar una tolerancia diseñada adecuadamente hacia las funciones GIS y agregarlas en Oracle, esto hizo posible romper el escape e inyectar SQL malicioso. A SQL-injection flaw was found in python-django, where GIS functions and aggregates in Oracle did not correctly neutralize tolerance-parameter data. • https://docs.djangoproject.com/en/3.0/releases/security https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY https://security.gentoo.org/glsa/202004-17 https://security.netapp.com/advis • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 4CVE-2020-7471
https://notcve.org/view.php?id=CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. Django versiones 1.11 anteriores a 1.11.28, versiones 2.2 anteriores a 2.2.10 y versiones 3.0 anteriores a 3.0.3, permite una Inyección SQL si se usan datos no confiables como un delimitador de StringAgg (por ejemplo, en aplicaciones Django que ofrecen descargas de datos como una serie de filas con un delimitador de columna especificado por el usuario). Al pasar un delimitador apropiadamente diseñado a una instancia contrib.postgres.aggregates.StringAgg, fue posible romper el escape e inyectar SQL malicioso. • https://github.com/Saferman/CVE-2020-7471 https://github.com/SNCKER/CVE-2020-7471 https://github.com/mrlihd/CVE-2020-7471 https://github.com/huzaifakhan771/CVE-2020-7471-Django http://www.openwall.com/lists/oss-security/2020/02/03/1 https://docs.djangoproject.com/en/3.0/releases/security https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI https://lists.fedoraproject.org/archives/list/pac • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 22%CPEs: 7EXPL: 1CVE-2019-19844 – Django < 3.0 < 2.2 < 1.11 - Account Hijack
https://notcve.org/view.php?id=CVE-2019-19844
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) Django versiones anteriores a 1.11.27, versiones 2.x anteriores a 2.2.9 y versiones 3.x anteriores a 3.0.1, permite tomar el control de la cuenta. Una dirección de correo electrónico diseñada adecuadamente (que es igual a la dirección de correo electrónico de un usuario existente después de la transformación de mayúsculas y minúsculas de los caracteres Unicode) permitiría a un atacante enviarle un token de restablecimiento de contraseña para la cuenta de usuario coincidente. • https://www.exploit-db.com/exploits/47879 http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21topic/django-announce/3oaB2rVH3a0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD https://seclists.org/bugtraq/2020/Jan/9 https://security.gentoo.org/glsa/202004-17 https://security.netapp.com/advisory/ntap-20200110-0003 https& • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •