Publish GHSA-89hj-xfx5-7q66
This commit is contained in:
Родитель
3790751d42
Коммит
5b5990f5fa
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"schema_version": "1.4.0",
|
"schema_version": "1.4.0",
|
||||||
"id": "GHSA-89hj-xfx5-7q66",
|
"id": "GHSA-89hj-xfx5-7q66",
|
||||||
"modified": "2024-05-16T18:23:40Z",
|
"modified": "2024-09-18T20:01:44Z",
|
||||||
"published": "2022-05-17T03:07:04Z",
|
"published": "2022-05-17T03:07:04Z",
|
||||||
"aliases": [
|
"aliases": [
|
||||||
"CVE-2014-0473"
|
"CVE-2014-0473"
|
||||||
|
@ -9,13 +9,20 @@
|
||||||
"summary": "Django Reuses Cached CSRF Token",
|
"summary": "Django Reuses Cached CSRF Token",
|
||||||
"details": "The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.",
|
"details": "The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.",
|
||||||
"severity": [
|
"severity": [
|
||||||
|
{
|
||||||
|
"type": "CVSS_V3",
|
||||||
|
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "CVSS_V4",
|
||||||
|
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
|
||||||
|
}
|
||||||
],
|
],
|
||||||
"affected": [
|
"affected": [
|
||||||
{
|
{
|
||||||
"package": {
|
"package": {
|
||||||
"ecosystem": "PyPI",
|
"ecosystem": "PyPI",
|
||||||
"name": "django"
|
"name": "Django"
|
||||||
},
|
},
|
||||||
"ranges": [
|
"ranges": [
|
||||||
{
|
{
|
||||||
|
@ -34,14 +41,14 @@
|
||||||
{
|
{
|
||||||
"package": {
|
"package": {
|
||||||
"ecosystem": "PyPI",
|
"ecosystem": "PyPI",
|
||||||
"name": "django"
|
"name": "Django"
|
||||||
},
|
},
|
||||||
"ranges": [
|
"ranges": [
|
||||||
{
|
{
|
||||||
"type": "ECOSYSTEM",
|
"type": "ECOSYSTEM",
|
||||||
"events": [
|
"events": [
|
||||||
{
|
{
|
||||||
"introduced": "1.5.0"
|
"introduced": "1.5"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"fixed": "1.5.6"
|
"fixed": "1.5.6"
|
||||||
|
@ -53,14 +60,14 @@
|
||||||
{
|
{
|
||||||
"package": {
|
"package": {
|
||||||
"ecosystem": "PyPI",
|
"ecosystem": "PyPI",
|
||||||
"name": "django"
|
"name": "Django"
|
||||||
},
|
},
|
||||||
"ranges": [
|
"ranges": [
|
||||||
{
|
{
|
||||||
"type": "ECOSYSTEM",
|
"type": "ECOSYSTEM",
|
||||||
"events": [
|
"events": [
|
||||||
{
|
{
|
||||||
"introduced": "1.6.0"
|
"introduced": "1.6"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"fixed": "1.6.3"
|
"fixed": "1.6.3"
|
||||||
|
@ -91,6 +98,10 @@
|
||||||
"type": "PACKAGE",
|
"type": "PACKAGE",
|
||||||
"url": "https://github.com/django/django"
|
"url": "https://github.com/django/django"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"type": "WEB",
|
||||||
|
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-2.yaml"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"type": "WEB",
|
"type": "WEB",
|
||||||
"url": "https://www.djangoproject.com/weblog/2014/apr/21/security"
|
"url": "https://www.djangoproject.com/weblog/2014/apr/21/security"
|
||||||
|
@ -120,7 +131,7 @@
|
||||||
"cwe_ids": [
|
"cwe_ids": [
|
||||||
"CWE-200"
|
"CWE-200"
|
||||||
],
|
],
|
||||||
"severity": "MODERATE",
|
"severity": "HIGH",
|
||||||
"github_reviewed": true,
|
"github_reviewed": true,
|
||||||
"github_reviewed_at": "2023-08-16T22:56:38Z",
|
"github_reviewed_at": "2023-08-16T22:56:38Z",
|
||||||
"nvd_published_at": "2014-04-23T15:55:00Z"
|
"nvd_published_at": "2014-04-23T15:55:00Z"
|
||||||
|
|
Загрузка…
Ссылка в новой задаче