Known Vulnerabilities for Django by Djangoproject

Listed below are 10 of the newest known vulnerabilities associated with "Django" by "Djangoproject".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-23833 An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing cert... 7.5 - HIGH 2022-02-03 2023-11-22
CVE-2022-22818 The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode th... 6.1 - MEDIUM 2022-02-03 2023-11-07
CVE-2021-35042 Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from ... 9.8 - CRITICAL 2021-07-02 2023-11-07
CVE-2021-33571 In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46... 7.5 - HIGH 2021-06-08 2023-12-07
CVE-2021-33203 Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admind... 4.9 - MEDIUM 2021-06-08 2023-11-07
CVE-2021-32052 In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit new... 6.1 - MEDIUM 2021-05-06 2023-11-07
CVE-2021-31542 In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed dir... 7.5 - HIGH 2021-05-05 2023-12-07
CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploade... 5.3 - MEDIUM 2021-04-06 2023-11-07
CVE-2021-23336 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 an... 5.9 - MEDIUM 2021-02-15 2023-11-07
CVE-2021-3281 In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "start... 5.3 - MEDIUM 2021-02-02 2023-11-07
Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationDjangoprojectDjango3.1.8AllAllAll
ApplicationDjangoprojectDjango3.1.7AllAllAll
ApplicationDjangoprojectDjango3.1.6AllAllAll
ApplicationDjangoprojectDjango3.1.5AllAllAll
ApplicationDjangoprojectDjango3.1.4AllAllAll
ApplicationDjangoprojectDjango3.1.3AllAllAll
ApplicationDjangoprojectDjango3.1.2AllAllAll
ApplicationDjangoprojectDjango3.1.1AllAllAll
ApplicationDjangoprojectDjango3.1AllAllAll
ApplicationDjangoprojectDjango3.0.9AllAllAll
ApplicationDjangoprojectDjango3.0.8AllAllAll
ApplicationDjangoprojectDjango3.0.7AllAllAll
ApplicationDjangoprojectDjango3.0.4AllAllAll
ApplicationDjangoprojectDjango3.0.3AllAllAll
ApplicationDjangoprojectDjango3.0.2AllAllAll
ApplicationDjangoprojectDjango3.0.12AllAllAll
ApplicationDjangoprojectDjango3.0.11AllAllAll
ApplicationDjangoprojectDjango3.0.10AllAllAll
ApplicationDjangoprojectDjango3.0.1AllAllAll
ApplicationDjangoprojectDjango3.0AllAllAll
Results limited to 20 most recent known configurations

Popular searches for Django

The Web framework for perfectionists with deadlines | Django

www.djangoproject.com

@ Django (web framework) Web framework Programmer Application software Subscription business model World Wide Web Python (programming language) Web development Reinventing the wheel Rapid application development Mailing list Time limit High-level programming language Email Computer security Google Groups Web application Django Software Foundation Electronic mailing list Free and open-source software

Getting started with Django | Django

www.djangoproject.com/start

Getting started with Django | Django Its quick & easy to get up and running with Django Its got two parts:. import renderdef band listing request :"""A view of all bands."""bands. import gettextdef homepage request :""" Shows the homepage with a welcome message that is translated in the user's language.

Django (web framework) User (computing) URL Django Django Hypertext Transfer Protocol Application software Installation (computer programs) Programmer Macintosh startup Python (programming language) Web template system Rendering (computer graphics) Home page Tutorial Web application HTML Object (computer science) Application programming interface Internationalization and localization Interface (computing)

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].
© CVE.report 2024 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report