Moderate severity · NVD Advisory · Published Jul 23, 2022 · Updated Aug 5, 2024
CVE-2018-25045
Description
Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
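As an added illustration that is not part of this advisory or of DRF's own code, the script below shows the mechanism the description names: a Django template that switches autoescaping off (or applies the `safe` filter) emits variables unescaped, which is where reflected XSS lands. `audit_template` flags such spots in a constructed sample template, and `is_affected` checks a version string against the advisory's `< 3.9.1` range; the template text, both function names and the assumption of numeric-only version strings are mine.

```python
import re
from typing import List, Tuple

# Constructed sample template (not DRF's browsable API template) mirroring the
# advisory's mechanism: autoescaping switched off around a rendered variable,
# plus a |safe filter, both of which emit untrusted values without escaping.
SAMPLE_TEMPLATE = """\
<h1>{{ name }}</h1>
{% autoescape off %}
<pre>{{ content }}</pre>
{% endautoescape %}
<p>{{ description|safe }}</p>
"""

# Tokens that matter for escaping: autoescape on/off tags, their closer, and
# every {{ ... }} variable; other template tags are ignored (assumption).
TOKEN = re.compile(
    r"{%\s*autoescape\s+(?:on|off)\s*%}|{%\s*endautoescape\s*%}|{{.*?}}"
)
VARIABLE = re.compile(r"{{\s*([\w.]+)")

def audit_template(source: str) -> List[Tuple[int, str, str]]:
    """Return (line, variable, reason) for every variable rendered without
    autoescaping. Nested autoescape blocks are not tracked (assumption)."""
    findings = []
    escaping_off = False
    for m in TOKEN.finditer(source):
        tok = m.group(0)
        lineno = source.count("\n", 0, m.start()) + 1
        if tok.startswith("{%"):
            # 'autoescape off' disables escaping; 'on' or the closer restores it
            escaping_off = re.search(r"autoescape\s+off", tok) is not None
            continue
        var = VARIABLE.match(tok)
        name = var.group(1) if var else tok
        if re.search(r"\|\s*safe\b", tok):
            findings.append((lineno, name, "safe filter"))
        elif escaping_off:
            findings.append((lineno, name, "autoescape off"))
    return findings

def is_affected(version: str, patched: str = "3.9.1") -> bool:
    """True when a DRF release string falls in the advisory's affected range
    (< 3.9.1). Only numeric dotted releases are compared (assumption)."""
    def parse(v: str) -> Tuple[int, ...]:
        return tuple(int(p) for p in re.findall(r"\d+", v))
    return parse(version) < parse(patched)

if __name__ == "__main__":
    for line, var, why in audit_template(SAMPLE_TEMPLATE):
        print(f"line {line}: {{{{ {var} }}}} rendered unescaped ({why})")
    print("3.9.0 affected:", is_affected("3.9.0"))
```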
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| django-rest-framework (PyPI) | < 3.9.1 | 3.9.1 |
Affected products
- Django / Django REST framework
References
- GHSA advisory: https://github.com/advisories/GHSA-xqcf-hj92-967m
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2018-25045
- Commit: https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8
- Pull request: https://github.com/encode/django-rest-framework/pull/6191
- Pull request: https://github.com/encode/django-rest-framework/pull/6330