Django Vulnerabilities


Version

2.2.0: 28
2.2.1: 28
2.2.2: 27
2.2.3: 26
2.2.4: 22

Remediation

Official Fix: 130
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 15

Exploitability

High: 2
Functional: 0
Proof-of-Concept: 10
Unproven: 13
Not Defined: 120

Access Vector

Not Defined: 0
Physical: 0
Local: 1
Adjacent: 17
Network: 127

Authentication

Not Defined: 0
High: 2
Low: 46
None: 97

User Interaction

Not Defined: 0
Required: 45
None: 100


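CVSSv3 score distribution (number of entries per score bucket, by scoring source)

| Score | CVSSv3 Base | CVSSv3 Temp | VulDB | NVD | CNA | Vendor | Research |
|---|---|---|---|---|---|---|---|
| ≤1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤3 | 1 | 2 | 1 | 1 | 0 | 0 | 0 |
| ≤4 | 10 | 11 | 20 | 1 | 4 | 0 | 0 |
| ≤5 | 26 | 38 | 32 | 1 | 1 | 0 | 0 |
| ≤6 | 54 | 49 | 51 | 7 | 2 | 0 | 0 |
| ≤7 | 24 | 25 | 17 | 15 | 0 | 0 | 0 |
| ≤8 | 24 | 16 | 23 | 21 | 1 | 0 | 0 |
| ≤9 | 6 | 4 | 1 | 3 | 4 | 1 | 0 |
| ≤10 | 0 | 0 | 0 | 9 | 1 | 0 | 0 |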

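Exploit price estimates (number of entries per price bucket)

| Price | Exploit 0-day | Exploit Today |
|---|---|---|
| <1k | 7 | 132 |
| <2k | 15 | 6 |
| <5k | 12 | 3 |
| <10k | 57 | 4 |
| <25k | 52 | 0 |
| <50k | 2 | 0 |
| <100k | 0 | 0 |
| ≥100k | 0 | 0 |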


Affected Versions (391): 0.1, 0.2, 0.2.1, 0.2.3, 0.3, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.4, 0.5, 0.6, 0.7, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.8, 0.8.4, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.9.25, 0.9.26, 0.9.27, 0.9.28, 0.9.29, 0.9.31, 0.9.32, 0.9.33, 0.9.34, 0.9.35, 0.9.36, 0.9.37, 0.9.38, 0.9.39, 0.9.41, 0.9.42, 0.9.43, 0.9.44, 0.9.45, 0.9.46, 0.9.47, 0.9.48, 0.9.49, 0.10, 0.91, 0.95, 0.95.1, 0.96, 1, 1.0, 1.0.1, 1.0.2, 1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2-alpha1, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.17, 1.4.18, 1.4.19, 1.4.21, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.8, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.8.8, 1.8.9, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.8.17, 1.8.18, 1.9, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.11, 1.9.12, 1.10, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 1.10.16, 1.10.17, 1.10.18, 1.10.19, 1.10.21, 1.10.22, 1.10.23, 1.10.24, 1.10.25, 1.10.26, 1.10.27, 1.10.28, 1.11, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.21, 1.11.22, 1.11.23, 1.11.24, 1.11.25, 1.11.26, 1.11.27, 2, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 
2.2.17, 2.2.18, 2.2.19, 2.2.21, 2.2.22, 2.2.23, 2.2.24, 2.2.25, 2.2.26, 2.2.27, 2.3, 2.4, 2.5, 2.6, 2.15, 2.15.1, 3, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.11, 3.0.12, 3.0.13, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.11, 3.1.12, 3.1.13, 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.19, 3.2.21, 3.2.22, 3.2.23, 3.2.24, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 3.11, 3.11.1, 3.15, 3.15.1, 4, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.11, 4.1.12, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 5, 5.0, 5.0-beta, 5.0.1, 5.0.2, 5.1, 5.2, 5.3, 5.4, 5.5, 12.0, 12.1, 12.2, 12.3, 2022.2.2

Software Type: Content Management System

| Published | Base | Temp | Vulnerability | 0day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-03-19 | 7.5 | 7.3 | django-wiki Article denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2024-28865 |
| 2024-03-12 | 8.8 | 7.7 | Microsoft SQL Server Backend for Django Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2024-26164 |
| 2024-03-08 | 4.8 | 4.8 | Django MarkdownX cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2024-2319 |
| 2024-03-04 | 3.5 | 3.4 | Django Regular Expression django.utils.text.Truncator.words denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2024-27351 |
| 2024-02-06 | 5.5 | 5.4 | Django intcomma Template Filter denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2024-24680 |
| 2023-11-01 | 5.9 | 5.8 | Django NFKC Normalization forms.py denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2023-46695 |
| 2023-10-23 | 4.8 | 4.7 | django-grappelli Relative URL switch.py Redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-46898 |
| 2023-10-04 | 5.3 | 5.1 | Django django.utils.text.Truncator denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-43665 |
| 2023-09-04 | 4.3 | 4.1 | Django django.utils.encoding.uri_to_iri denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-41164 |
| 2023-08-04 | 8.0 | 7.9 | django-sspanel admin_view.py privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2023-38941 |
| 2023-07-03 | 5.9 | 5.8 | Django URLValidator denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-36053 |
| 2023-05-27 | 4.9 | 4.8 | Django-SES SESEventWebhookView weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-33185 |
| 2023-05-04 | 7.6 | 7.5 | python-django privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-31047 |
| 2023-03-08 | 4.4 | 4.3 | Mobile Vikings Django AJAX Utilities Backslash pagination.js Pagination cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2017-20182 |
| 2023-02-15 | 5.9 | 5.8 | Django Multipart Request Parser denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-24580 |
| 2023-02-01 | 5.9 | 5.8 | Django Header denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2023-23969 |
| 2023-01-05 | 4.4 | 4.3 | University of Cambridge django-ucamlookup Lookup cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12 | CVE-2016-15010 |
| 2022-12-18 | 4.4 | 4.3 | django-openipam exposed_hosts.html cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-4595 |
| 2022-12-15 | 4.4 | 4.3 | django-photologue Default Template photo_detail.html cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-4526 |
| 2022-10-16 | 5.5 | 5.4 | Django URL privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-41323 |
| 2022-10-11 | 6.9 | 6.7 | django-mfa2 Device Registration FIDO2.py weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-42731 |
| 2022-08-04 | 3.5 | 3.4 | Django Header FileResponse information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-36359 |
| 2022-07-23 | 4.8 | 4.7 | Django REST Framework DRF Browsable API cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2018-25045 |
| 2022-07-05 | 8.0 | 7.9 | KDE Django Extract sql injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-34265 |
| 2022-06-25 | 7.7 | 7.7 | django-navbar-client Request Package privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-32996 |

120 more entries are not shown
