GHSA-m6gj-h9gm-gw44
GHSA-wqjj-hx84-v449
This commit is contained in:
advisory-database[bot] 2024-09-18 20:06:14 +00:00
Родитель 5b5990f5fa
Коммит 57e7a466fe
2 изменённых файлов: 37 добавлений и 14 удалений

Просмотреть файл

@ -1,7 +1,7 @@
{ {
"schema_version": "1.4.0", "schema_version": "1.4.0",
"id": "GHSA-m6gj-h9gm-gw44", "id": "GHSA-m6gj-h9gm-gw44",
"modified": "2023-09-05T14:32:18Z", "modified": "2024-09-18T20:05:04Z",
"published": "2021-03-18T20:30:13Z", "published": "2021-03-18T20:30:13Z",
"aliases": [ "aliases": [
"CVE-2020-24583" "CVE-2020-24583"
@ -12,20 +12,24 @@
{ {
"type": "CVSS_V3", "type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
} }
], ],
"affected": [ "affected": [
{ {
"package": { "package": {
"ecosystem": "PyPI", "ecosystem": "PyPI",
"name": "django" "name": "Django"
}, },
"ranges": [ "ranges": [
{ {
"type": "ECOSYSTEM", "type": "ECOSYSTEM",
"events": [ "events": [
{ {
"introduced": "2.2" "introduced": "2.2a1"
}, },
{ {
"fixed": "2.2.16" "fixed": "2.2.16"
@ -37,14 +41,14 @@
{ {
"package": { "package": {
"ecosystem": "PyPI", "ecosystem": "PyPI",
"name": "django" "name": "Django"
}, },
"ranges": [ "ranges": [
{ {
"type": "ECOSYSTEM", "type": "ECOSYSTEM",
"events": [ "events": [
{ {
"introduced": "3.0" "introduced": "3.0a1"
}, },
{ {
"fixed": "3.0.10" "fixed": "3.0.10"
@ -56,14 +60,14 @@
{ {
"package": { "package": {
"ecosystem": "PyPI", "ecosystem": "PyPI",
"name": "django" "name": "Django"
}, },
"ranges": [ "ranges": [
{ {
"type": "ECOSYSTEM", "type": "ECOSYSTEM",
"events": [ "events": [
{ {
"introduced": "3.1" "introduced": "3.1a1"
}, },
{ {
"fixed": "3.1.1" "fixed": "3.1.1"
@ -86,10 +90,18 @@
"type": "WEB", "type": "WEB",
"url": "https://docs.djangoproject.com/en/dev/releases/security" "url": "https://docs.djangoproject.com/en/dev/releases/security"
}, },
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-m6gj-h9gm-gw44"
},
{ {
"type": "PACKAGE", "type": "PACKAGE",
"url": "https://github.com/django/django" "url": "https://github.com/django/django"
}, },
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-33.yaml"
},
{ {
"type": "WEB", "type": "WEB",
"url": "https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM" "url": "https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM"

Просмотреть файл

@ -1,7 +1,7 @@
{ {
"schema_version": "1.4.0", "schema_version": "1.4.0",
"id": "GHSA-wqjj-hx84-v449", "id": "GHSA-wqjj-hx84-v449",
"modified": "2023-09-05T13:57:24Z", "modified": "2024-09-18T20:04:05Z",
"published": "2022-05-17T03:07:04Z", "published": "2022-05-17T03:07:04Z",
"aliases": [ "aliases": [
"CVE-2014-0474" "CVE-2014-0474"
@ -9,13 +9,20 @@
"summary": "Django Vulnerable to MySQL Injection", "summary": "Django Vulnerable to MySQL Injection",
"details": "The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to \"MySQL typecasting.\"", "details": "The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to \"MySQL typecasting.\"",
"severity": [ "severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
}
], ],
"affected": [ "affected": [
{ {
"package": { "package": {
"ecosystem": "PyPI", "ecosystem": "PyPI",
"name": "django" "name": "Django"
}, },
"ranges": [ "ranges": [
{ {
@ -34,14 +41,14 @@
{ {
"package": { "package": {
"ecosystem": "PyPI", "ecosystem": "PyPI",
"name": "django" "name": "Django"
}, },
"ranges": [ "ranges": [
{ {
"type": "ECOSYSTEM", "type": "ECOSYSTEM",
"events": [ "events": [
{ {
"introduced": "1.5.0" "introduced": "1.5"
}, },
{ {
"fixed": "1.5.6" "fixed": "1.5.6"
@ -53,14 +60,14 @@
{ {
"package": { "package": {
"ecosystem": "PyPI", "ecosystem": "PyPI",
"name": "django" "name": "Django"
}, },
"ranges": [ "ranges": [
{ {
"type": "ECOSYSTEM", "type": "ECOSYSTEM",
"events": [ "events": [
{ {
"introduced": "1.6.0" "introduced": "1.6"
}, },
{ {
"fixed": "1.6.3" "fixed": "1.6.3"
@ -91,6 +98,10 @@
"type": "PACKAGE", "type": "PACKAGE",
"url": "https://github.com/django/django" "url": "https://github.com/django/django"
}, },
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-3.yaml"
},
{ {
"type": "WEB", "type": "WEB",
"url": "https://www.djangoproject.com/weblog/2014/apr/21/security" "url": "https://www.djangoproject.com/weblog/2014/apr/21/security"