Total
103 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0698 | 2 Djangoproject, Microsoft | 2 Django, Windows | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays. | |||||
CVE-2010-4535 | 1 Djangoproject | 1 Django | 2023-12-10 | 5.0 MEDIUM | N/A |
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | |||||
CVE-2009-3695 | 1 Djangoproject | 1 Django | 2023-12-10 | 5.0 MEDIUM | N/A |
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. |