CVE-2020-13254

Published: 03/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in Django 2.2 prior to 2.2.13 and 3.0 prior to 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

Vulnerable Product

djangoproject django

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 19.10

canonical ubuntu linux 20.04

fedoraproject fedora 32

netapp steelstore cloud integrated storage -

netapp sra plugin -

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

oracle zfs storage appliance kit 8.8

Vendor Advisories

Debian Bug report logs - #962323 python-django: CVE-2020-13254 CVE-2020-13596. Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django. Reported by: "Chris Lamb" <lamby@debian.org> ...
It was discovered that Django, a high-level Python web development framework, did not properly sanitize input. This would allow a remote attacker to perform SQL injection attacks, Cross-Site Scripting (XSS) attacks, or leak sensitive information. For the oldstable distribution (stretch), these problems have been fixed in version 1:1.10.7-2+deb9u9 ...
Several security issues were fixed in Django ...
An information disclosure issue has been found in Django before 3.0.7, via malformed memcached keys. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backen ...

Github Repositories

Vulnerability demonstration for Django CVE-2020-13254

Django CVE-2020-13254: This repository demonstrates exploitation of CVE-2020-13254 in two ways – via a web interface and via a failing test case. For more details visit: danpalmer.me/2020-06-07-django-memcache-vulnerability/. Exploiting via the web: The example provides a web interface with 2 forms, one that sets values in the cache and the other that gets them. Thes

The following application has different endpoints to retrieve and manage API vulnerabilities from the NATIONAL VULNERABILITIES DATABASE (NVD), NIST. For more information: https://nvd.nist.gov/developers/vulnerabilities

Mapl-App-NVDs: The following application has different endpoints to retrieve and manage API vulnerabilities from the NATIONAL VULNERABILITIES DATABASE (NVD), NIST. For more information: nvd.nist.gov/developers/vulnerabilities. The database used is MongoDB, it could be run in a local machine or in several cloud services. The application is developed in Python using the Fas