Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
djangoproject django vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-35042
Django 3.1.x prior to 3.1.13 and 3.2.x prior to 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Djangoproject Django
Fedoraproject Fedora 34
9 Github repositories
5
CVSSv2
CVE-2021-45116
An issue exists in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method ...
Djangoproject Django
Fedoraproject Fedora 35
4
CVSSv2
CVE-2021-33203
Django prior to 2.2.24, 3.x prior to 3.1.12, and 3.2.x prior to 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admind...
Djangoproject Django
Fedoraproject Fedora 35
4
CVSSv2
CVE-2019-19118
Django 2.1 prior to 2.1.15 and 2.2 prior to 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, al...
Djangoproject Django
Fedoraproject Fedora 31
3 Github repositories
NA
CVE-2023-43665
In Django 3.2 prior to 3.2.22, 4.1 prior to 4.1.12, and 4.2 prior to 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HT...
Djangoproject Django
Fedoraproject Fedora 39
5
CVSSv2
CVE-2021-33571
In Django 2.2 prior to 2.2.24, 3.x prior to 3.1.12, and 3.2 prior to 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validat...
Djangoproject Django
Fedoraproject Fedora 35
NA
CVE-2023-41164
In Django 3.2 prior to 3.2.21, 4.1 prior to 4.1.11, and 4.2 prior to 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Djangoproject Django
Fedoraproject Fedora 39
5
CVSSv2
CVE-2021-45452
Storage.save in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Djangoproject Django
Fedoraproject Fedora 35
1 Github repository
5
CVSSv2
CVE-2021-45115
An issue exists in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where acc...
Djangoproject Django
Fedoraproject Fedora 35
4.3
CVSSv2
CVE-2021-32052
In Django 2.2 prior to 2.2.22, 3.1 prior to 3.1.10, and 3.2 prior to 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur....
Djangoproject Django
Fedoraproject Fedora 34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »