Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2022-36359

Published: 03/08/2022 Updated: 07/11/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Djangoproject

Vulnerability Summary

An issue exists in the HTTP FileResponse class in Django 3.2 prior to 3.2.15 and 4.0 prior to 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

djangoproject django

debian debian linux 11.0

Vendor Advisories

Debian Security Advisories: DSA-5254-1 python-django -- security update
Multiple security issues were found in Django, a Python web development framework, which could result in denial of service, SQL injection or cross-site scripting For the stable distribution (bullseye), these problems have been fixed in version 2:2228-1~deb11u1 We recommend that you upgrade your python-django packages For the detailed security ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-2810 python-django 406-1 407-1 Unknown Fixed ...

References

CWE-494https://docs.djangoproject.com/en/4.0/releases/security/https://www.djangoproject.com/weblog/2022/aug/03/security-releases/https://groups.google.com/g/django-announce/c/8cz--gvaJr4http://www.openwall.com/lists/oss-security/2022/08/03/1https://security.netapp.com/advisory/ntap-20220915-0008/https://www.debian.org/security/2022/dsa-5254https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/https://nvd.nist.govhttps://www.debian.org/security/2022/dsa-5254
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook