Python/django/2.1.15

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

https://pypi.org/project/django
BSD

2 Security Vulnerabilities

Path Traversal in Django

Published date: 2021-06-10T17:21:00Z
CVE: CVE-2021-33203
Links:

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

Affected versions: ["1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.1", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.10", "1.10.1", "1.10.2", "1.10.3", "1.10.4", "1.10.5", "1.10.6", "1.10.7", "1.10.8", "1.10a1", "1.10b1", "1.10rc1", "1.11", "1.11.1", "1.11.10", "1.11.11", "1.11.12", "1.11.13", "1.11.14", "1.11.15", "1.11.16", "1.11.17", "1.11.18", "1.11.2", "1.11.20", "1.11.21", "1.11.22", "1.11.23", "1.11.24", "1.11.25", "1.11.26", "1.11.27", "1.11.28", "1.11.29", "1.11.3", "1.11.4", "1.11.5", "1.11.6", "1.11.7", "1.11.8", "1.11.9", "1.11a1", "1.11b1", "1.11rc1", "1.2", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.3", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.4", "1.4.1", "1.4.10", "1.4.11", "1.4.12", "1.4.13", "1.4.14", "1.4.15", "1.4.16", "1.4.17", "1.4.18", "1.4.19", "1.4.2", "1.4.20", "1.4.21", "1.4.22", "1.4.3", "1.4.4", "1.4.5", "1.4.6", "1.4.7", "1.4.8", "1.4.9", "1.5", "1.5.1", "1.5.10", "1.5.11", "1.5.12", "1.5.2", "1.5.3", "1.5.4", "1.5.5", "1.5.6", "1.5.7", "1.5.8", "1.5.9", "1.6", "1.6.1", "1.6.10", "1.6.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.7", "1.7.1", "1.7.10", "1.7.11", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8", "1.8.1", "1.8.10", "1.8.11", "1.8.12", "1.8.13", "1.8.14", "1.8.15", "1.8.16", "1.8.17", "1.8.18", "1.8.19", "1.8.2", "1.8.3", "1.8.4", "1.8.5", "1.8.6", "1.8.7", "1.8.8", "1.8.9", "1.8a1", "1.8b1", "1.8b2", "1.8c1", "1.9", "1.9.1", "1.9.10", "1.9.11", "1.9.12", "1.9.13", "1.9.2", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "1.9.7", "1.9.8", "1.9.9", "1.9a1", "1.9b1", "1.9rc1", "1.9rc2", "2.0", "2.0.1", "2.0.10", "2.0.12", "2.0.13", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.0.7", "2.0.8", "2.0.9", "2.0a1", "2.0b1", "2.0rc1", "2.1", "2.1.1", "2.1.10", "2.1.11", "2.1.12", "2.1.13", "2.1.14", "2.1.15", "2.1.2", "2.1.3", "2.1.4", "2.1.5", "2.1.7", "2.1.8", "2.1.9", "2.1a1", "2.1b1", "2.1rc1", "2.2", "2.2.1", "2.2.10", "2.2.11", "2.2.12", "2.2.13", "2.2.14", "2.2.15", "2.2.16", "2.2.17", "2.2.18", "2.2.19", "2.2.2", "2.2.20", "2.2.3", "2.2.4", "2.2.5", "2.2.6", "2.2.7", "2.2.8", "2.2.9", "2.2a1", "2.2b1", "2.2rc1", "2.2.21", "2.2.22", "2.2.23"]
Secure versions: [3.0a1, 3.1.12, 3.1.13, 3.1.14, 2.2.27, 2.2.28, 4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6, 5.1a1, 5.1b1, 4.2.14, 5.0.7, 5.1rc1, 4.2.15, 5.0.8, 5.1, 4.2.16, 5.0.9, 5.1.1]
Recommendation: Update to version 5.1.1.

Data leakage via cache key collision in Django

Published date: 2020-06-05T16:20:44Z
CVE: CVE-2020-13254
Links:

An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

Affected versions: ["3.0", "3.0.1", "3.0.2", "3.0.3", "3.0.4", "3.0.5", "3.0.6", "2.0", "2.0.1", "2.0.10", "2.0.12", "2.0.13", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.0.7", "2.0.8", "2.0.9", "2.1", "2.1.1", "2.1.10", "2.1.11", "2.1.12", "2.1.13", "2.1.14", "2.1.15", "2.1.2", "2.1.3", "2.1.4", "2.1.5", "2.1.7", "2.1.8", "2.1.9", "2.1a1", "2.1b1", "2.1rc1", "2.2", "2.2.1", "2.2.10", "2.2.11", "2.2.12", "2.2.2", "2.2.3", "2.2.4", "2.2.5", "2.2.6", "2.2.7", "2.2.8", "2.2.9", "2.2a1", "2.2b1", "2.2rc1"]
Secure versions: [3.0a1, 3.1.12, 3.1.13, 3.1.14, 2.2.27, 2.2.28, 4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6, 5.1a1, 5.1b1, 4.2.14, 5.0.7, 5.1rc1, 4.2.15, 5.0.8, 5.1, 4.2.16, 5.0.9, 5.1.1]
Recommendation: Update to version 5.1.1.

371 Other Versions

Version License Security Released
1.3.6 BSD 20 2013-02-19 - 20:32 over 11 years
1.3.5 BSD 22 2012-12-10 - 21:39 almost 12 years
1.3.4 BSD 22 2013-03-05 - 22:33 over 11 years
1.3.3 BSD 23 2012-08-01 - 22:08 about 12 years
1.3.2 BSD 23 2012-07-30 - 23:02 about 12 years
1.3.1 BSD 25 2011-09-10 - 03:36 about 13 years
1.3 BSD 28 2011-03-23 - 06:09 over 13 years
1.2.7 BSD 22 2011-09-11 - 03:05 about 13 years
1.2.6 BSD 26 2011-09-10 - 03:42 about 13 years
1.2.5 BSD 26 2011-02-09 - 04:08 over 13 years
1.2.4 BSD 29 2010-12-23 - 05:15 almost 14 years
1.2.3 BSD 29 2010-09-11 - 08:50 about 14 years
1.2.2 BSD 29 2010-09-09 - 02:41 about 14 years
1.2.1 BSD 30 2010-05-24 - 21:19 over 14 years
1.2 BSD 30 2010-05-17 - 20:04 over 14 years
1.1.4 BSD 24 2011-02-09 - 04:13 over 13 years
1.1.3 BSD 27 2010-12-23 - 05:14 almost 14 years
1.1.2 BSD 29
1.1.1 BSD 29
1.1 BSD 29
1.0.4 BSD 26
1.0.3 BSD 26
1.0.2 BSD 26
1.0.1 BSD 26
4.0b1 BSD-3-Clause AND BSD 1 2021-10-25 - 09:23 almost 3 years
4.0a1 BSD-3-Clause AND BSD 1 2021-09-21 - 19:08 about 3 years
4.0rc1 BSD-3-Clause AND BSD 1 2021-11-22 - 06:37 almost 3 years
3.2rc1 BSD-3-Clause AND BSD 1 2021-03-18 - 13:55 over 3 years
3.2a1 BSD-3-Clause AND BSD 1 2021-01-19 - 13:04 over 3 years
3.2b1 BSD-3-Clause AND BSD 1 2021-02-19 - 09:35 over 3 years
3.1a1 BSD-3-Clause AND BSD 1 2020-05-14 - 09:41 over 4 years
3.1b1 BSD-3-Clause AND BSD 2 2020-06-15 - 08:15 over 4 years
3.0b1 BSD 1 2019-10-14 - 10:21 almost 5 years
3.0a1 BSD 2019-09-10 - 09:19 about 5 years
3.0rc1 BSD 1 2019-11-18 - 08:51 almost 5 years
3.1rc1 BSD-3-Clause AND BSD 2 2020-07-20 - 06:38 about 4 years
2.2rc1 BSD 3 2019-03-18 - 08:57 over 5 years
2.2b1 BSD 3 2019-02-11 - 10:33 over 5 years
2.2a1 BSD 3 2019-01-17 - 15:35 over 5 years
2.1b1 BSD 3 2018-06-18 - 23:55 over 6 years
2.1a1 BSD 3 2018-05-18 - 01:01 over 6 years
2.1rc1 BSD 3 2018-07-18 - 17:35 about 6 years
2.0rc1 BSD 2 2017-11-15 - 23:51 almost 7 years
2.0a1 BSD 2 2017-09-22 - 18:09 about 7 years
2.0b1 BSD 2 2017-10-17 - 02:00 almost 7 years
1.9rc2 BSD 2 2015-11-24 - 17:35 almost 9 years
1.9b1 BSD 3 2015-10-20 - 01:17 almost 9 years
1.9a1 BSD 3 2015-09-24 - 00:20 about 9 years
1.9rc1 BSD 3 2015-11-16 - 21:10 almost 9 years
1.8b2 BSD 6 2015-03-09 - 15:55 over 9 years
1.8b1 BSD 7 2015-02-25 - 13:42 over 9 years
1.8c1 BSD 5 2015-03-18 - 23:39 over 9 years
1.8a1 BSD 6 2015-01-16 - 22:25 over 9 years
1.11b1 BSD 25 2017-02-20 - 23:21 over 7 years
1.11a1 BSD 25 2017-01-18 - 01:01 over 7 years
1.11rc1 BSD 24 2017-03-21 - 22:55 over 7 years
1.10rc1 BSD 24 2016-07-18 - 18:04 about 8 years
1.10a1 BSD 25 2016-05-20 - 12:16 over 8 years
1.10b1 BSD 25 2016-06-22 - 01:15 over 8 years
5.0rc1 BSD-3-Clause AND BSD
5.0b1 BSD-3-Clause AND BSD
5.0a1 BSD-3-Clause AND BSD
4.2rc1 BSD-3-Clause AND BSD
4.2b1 BSD-3-Clause AND BSD
4.2a1 BSD-3-Clause AND BSD
4.1rc1 BSD-3-Clause AND BSD 2
4.1a1 BSD-3-Clause AND BSD 2 2022-05-18 - 05:54 over 2 years
4.1b1 BSD-3-Clause AND BSD 2 2022-06-21 - 09:20 over 2 years
5.1rc1 BSD-3-Clause AND BSD
5.1a1 BSD-3-Clause AND BSD
5.1b1 BSD-3-Clause AND BSD