Moderate severityNVD Advisory· Published Jun 3, 2020· Updated Aug 4, 2024

CVE-2020-13596

Description

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Django ForeignKeyRawIdWidget in admin improperly encodes query parameters, enabling stored XSS.

Vulnerability

Overview

CVE-2020-13596 is a cross-site scripting (XSS) vulnerability in Django's admin interface, specifically in the ForeignKeyRawIdWidget. The widget generates query parameters for related-object lookups but fails to properly URL-encode them, allowing an attacker to inject arbitrary HTML or JavaScript into the admin page. The issue affects Django versions 2.2 before 2.2.13 and 3.0 before 3.0.7 [1][2].

Exploitation

Scenario

An attacker with the ability to supply crafted input (e.g., through a related model's field value) can cause the malformed query parameter to be rendered in the admin's pop-up window. No special privileges are required beyond basic admin access; the attack surface is the admin interface where the widget is used. Because the parameter is not sanitized before being placed into a link, a stored XSS payload can be executed in the context of the admin user's session [2][3].

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the browser of an admin user. This can lead to session hijacking, unauthorized actions taken on behalf of the admin, or theft of sensitive data displayed in the admin interface. The CVSSv3.1 base score is 6.1 (Medium), reflecting a low attack complexity but requiring user interaction (clicking the widget's link) [1][2].

Mitigation

The Django project released patched versions (2.2.13 and 3.0.7) that properly URL-encode the query parameters. Users should upgrade immediately. No workaround is available if the widget is used. The vulnerability is not known to be exploited in the wild, but upgrading is strongly recommended [1][3][4].

References

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
DjangoPyPI	>= 2.2a1, < 2.2.13	2.2.13
DjangoPyPI	>= 3.0a1, < 3.0.7	3.0.7

Affected products

300

Django/Djangodescription
osv-coords299 versions
pkg:bitnami/django pkg:pypi/django pkg:rpm/suse/ansible1&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ansible1&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ansible1&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ansible&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/ardana-ansible&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-cluster&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-cluster&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-cobbler&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-freezer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-freezer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-glance&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-input-model&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-input-model&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-input-model&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-logging&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-logging&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-logging&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-manila&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-mq&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-octavia&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-octavia&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-octavia&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-osconfig&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-osconfig&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-tempest&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/caasp-openstack-heat-templates&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/caasp-openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/caasp-openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/crowbar-ha&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/documentation-hpe-helion-openstack-installation&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-operations&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-opsconsole&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-planning&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-security&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-user&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-suse-openstack-cloud-deployment&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-installation&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-operations&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-opsconsole&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-planning&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-security&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-user&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/grafana&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/keepalived&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kibana&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/memcached&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/monasca-installer&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-dashboard&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-dashboard-theme-HPE&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-dashboard-theme-SUSE&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-heat-templates&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-keystone&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-keystone-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-monasca-agent&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-monasca-installer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-neutron-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-neutron-vsphere&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-neutron-vsphere&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-octavia-amphora-image&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-octavia-amphora-image&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-octavia-amphora-image&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-octavia-amphora-image&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-octavia-amphora-image&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-octavia&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-tempest&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-amqp&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-amqp&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-amqp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-apicapi&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-apicapi&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-apicapi&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-ardana-packager&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-Django&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-Flask&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-Flask&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-Flask&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-GitPython&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-GitPython&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-heatclient&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-heatclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-keystoneauth1&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-keystoneauth1&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-keystoneauth1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-neutron-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-neutron-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-octavia-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-octavia-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-os-brick&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-os-brick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-oslo.messaging&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-Pillow&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-psql2mysql&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-psutil&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-psutil&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-psutil&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-psutil&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-pyroute2&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-pyroute2&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-pyroute2&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-pyroute2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-pyroute2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-pysaml2&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-tooz&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-tooz&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-tooz&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-waitress&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/rabbitmq-server&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/rubygem-activeresource&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/rubygem-activeresource&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/rubygem-activeresource&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/rubygem-json-1_7&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/rubygem-json-1_7&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/rubygem-json-1_7&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/storm&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/zookeeper&distro=SUSE%20OpenStack%20Cloud%207
>= 2.2.0, < 2.2.13+ 298 more
- (no CPE)range: >= 2.2.0, < 2.2.13
- (no CPE)range: >= 2.2a1, < 2.2.13
- (no CPE)range: < 1.9.6-7.3.1
- (no CPE)range: < 1.9.6-7.3.1
- (no CPE)range: < 1.9.6-9.7.2
- (no CPE)range: < 2.4.6.0-3.9.1
- (no CPE)range: < 2.2.3.0-12.2
- (no CPE)range: < 2.4.6.0-3.9.1
- (no CPE)range: < 2.4.6.0-3.9.1
- (no CPE)range: < 8.0+git.1589740980.6c3bcdc-3.73.1
- (no CPE)range: < 8.0+git.1589740980.6c3bcdc-3.73.1
- (no CPE)range: < 9.0+git.1591138508.e269bdb-3.22.2
- (no CPE)range: < 8.0+git.1585685203.3e71e49-3.36.1
- (no CPE)range: < 8.0+git.1585685203.3e71e49-3.36.1
- (no CPE)range: < 9.0+git.1588181228.bae3b1f-3.13.2
- (no CPE)range: < 8.0+git.1586539529.b7d295f-3.21.1
- (no CPE)range: < 8.0+git.1586539529.b7d295f-3.21.1
- (no CPE)range: < 9.0+git.1593631708.9354a78-3.13.2
- (no CPE)range: < 8.0+git.1589740934.0e0ad61-3.39.1
- (no CPE)range: < 8.0+git.1589740934.0e0ad61-3.39.1
- (no CPE)range: < 9.0+git.1589740948.c24fc0b-3.19.2
- (no CPE)range: < 8.0+git.1591194866.b7375d0-3.24.1
- (no CPE)range: < 8.0+git.1591194866.b7375d0-3.24.1
- (no CPE)range: < 9.0+git.1591193994.d93b668-3.13.2
- (no CPE)range: < 9.0+git.1594158642.b5905e4-3.12.2
- (no CPE)range: < 9.0+git.1589385256.7fbfaaf-3.19.2
- (no CPE)range: < 8.0+git.1589715269.62ad6df-3.22.1
- (no CPE)range: < 8.0+git.1589715269.62ad6df-3.22.1
- (no CPE)range: < 9.0+git.1593618110.cbd1a37-3.16.2
- (no CPE)range: < 8.0+git.1590756744.ba84abc-3.42.1
- (no CPE)range: < 8.0+git.1590756744.ba84abc-3.42.1
- (no CPE)range: < 9.0+git.1590756257.e09d54f-3.22.2
- (no CPE)range: < 8.0+git.1590100427.cf4cc8f-3.29.1
- (no CPE)range: < 8.0+git.1590100427.cf4cc8f-3.29.1
- (no CPE)range: < 9.0+git.1590079609.a2ae6ab-3.19.2
- (no CPE)range: < 8.0+git.1587034587.eac37b8-3.45.1
- (no CPE)range: < 8.0+git.1587034587.eac37b8-3.45.1
- (no CPE)range: < 9.0+git.1593033709.9495bb2-3.16.2
- (no CPE)range: < 1.0+git.1560518045.ad7dc6d-4.18.1
- (no CPE)range: < 1.0+git.1560518045.ad7dc6d-4.18.1
- (no CPE)range: < 1.0+git.1560518045.ad7dc6d-4.18.1
- (no CPE)range: < 4.0+git.1580209654.1d112d31f-9.66.5
- (no CPE)range: < 5.0+git.1593156248.55bbdb26d-3.41.2
- (no CPE)range: < 6.0+git.1594619891.b75a61d0d-3.25.5
- (no CPE)range: < 4.0+git.1585316203.d6ad2c8-4.52.4
- (no CPE)range: < 4.0+git.1589804581.9972163f0-9.71.4
- (no CPE)range: < 5.0+git.1593085772.64c4ab43c-4.40.2
- (no CPE)range: < 6.0+git.1591795073.49cb6400e-3.25.3
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 8.20200527-1.26.1
- (no CPE)range: < 4.6.5-4.9.1
- (no CPE)range: < 4.6.5-1.14.1
- (no CPE)range: < 4.6.5-4.9.1
- (no CPE)range: < 6.2.5-3.12.2
- (no CPE)range: < 4.6.5-4.9.1
- (no CPE)range: < 6.2.5-3.12.2
- (no CPE)range: < 2.0.19-1.8.1
- (no CPE)range: < 4.6.3-3.3.1
- (no CPE)range: < 4.6.3-5.1
- (no CPE)range: < 4.6.3-3.3.1
- (no CPE)range: < 4.6.3-4.3.2
- (no CPE)range: < 4.6.3-3.3.1
- (no CPE)range: < 4.6.3-4.3.2
- (no CPE)range: < 1.5.17-3.6.1
- (no CPE)range: < 20180608_12.47-12.1
- (no CPE)range: < 7.0.1~dev24-3.9.5
- (no CPE)range: < 7.0.1~dev24-3.9.5
- (no CPE)range: < 11.1.1~dev7-3.16.3
- (no CPE)range: < 11.1.1~dev7-3.16.3
- (no CPE)range: < 13.0.10~dev12-3.22.4
- (no CPE)range: < 13.0.10~dev12-3.22.4
- (no CPE)range: < 12.0.5~dev3-3.26.1
- (no CPE)range: < 12.0.5~dev3-3.26.1
- (no CPE)range: < 14.1.1~dev6-3.15.5
- (no CPE)range: < 12.0.5~dev3-3.26.1
- (no CPE)range: < 14.1.1~dev6-3.15.5
- (no CPE)range: < 8+git.1523473653.6599ec8-3.3.1
- (no CPE)range: < 2016.2-5.12.4
- (no CPE)range: < 7.0.2~dev2-3.19.3
- (no CPE)range: < 7.0.2~dev2-3.19.3
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.15.1
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.15.1
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.6.2
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.15.1
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.6.2
- (no CPE)range: < 11.1.5~dev6-3.19.3
- (no CPE)range: < 11.1.5~dev6-3.19.3
- (no CPE)range: < 12.0.4~dev11-5.33.2
- (no CPE)range: < 12.0.4~dev11-5.33.2
- (no CPE)range: < 14.2.1~dev4-3.22.3
- (no CPE)range: < 12.0.4~dev11-5.33.2
- (no CPE)range: < 14.2.1~dev4-3.22.3
- (no CPE)range: < 12.0.4~dev11-5.33.2
- (no CPE)range: < 12.0.4~dev11-5.33.2
- (no CPE)range: < 12.0.4~dev11-5.33.2
- (no CPE)range: < 7.2.1~dev1-3.13.3
- (no CPE)range: < 7.2.1~dev1-3.13.3
- (no CPE)range: < 3.0.1~dev30-4.12.2
- (no CPE)range: < 7.4.2~dev31-4.24.3
- (no CPE)range: < 7.4.2~dev31-4.24.3
- (no CPE)range: < 3.0.1~dev30-4.12.3
- (no CPE)range: < 2.2.6~dev4-3.18.1
- (no CPE)range: < 2.2.6~dev4-3.18.1
- (no CPE)range: < 2.8.2~dev5-3.9.3
- (no CPE)range: < 2.2.6~dev4-3.18.1
- (no CPE)range: < 2.8.2~dev5-3.9.3
- (no CPE)range: < 20190923_16.32-3.12.1
- (no CPE)range: < 20190923_16.32-3.12.1
- (no CPE)range: < 20190923_16.32-3.12.1
- (no CPE)range: < 11.0.9~dev65-3.33.2
- (no CPE)range: < 11.0.9~dev65-3.33.2
- (no CPE)range: < 13.0.8~dev68-3.25.3
- (no CPE)range: < 11.0.9~dev65-3.33.2
- (no CPE)range: < 13.0.8~dev68-3.25.3
- (no CPE)range: < 11.0.9~dev65-3.33.2
- (no CPE)range: < 11.0.9~dev65-3.33.2
- (no CPE)range: < 11.0.9~dev65-3.33.2
- (no CPE)range: < 9.0.2~dev5-4.9.3
- (no CPE)range: < 9.0.2~dev5-4.9.4
- (no CPE)range: < 2.0.1~dev167-3.3.3
- (no CPE)range: < 2.0.1~dev167-3.3.3
- (no CPE)range: < 14.0.11~dev13-4.40.2
- (no CPE)range: < 18.3.1~dev38-3.25.4
- (no CPE)range: < 18.3.1~dev38-3.25.4
- (no CPE)range: < 14.0.11~dev13-4.40.2
- (no CPE)range: < 0.1.4-3.12.2
- (no CPE)range: < 0.1.4-3.12.2
- (no CPE)range: < 0.1.4-7.12.3
- (no CPE)range: < 0.1.4-3.12.2
- (no CPE)range: < 0.1.4-7.12.3
- (no CPE)range: < 3.2.3~dev7-3.25.3
- (no CPE)range: < 3.2.3~dev7-3.25.3
- (no CPE)range: < 1.0+git.1569436425.8b9c49f-5.3.2
- (no CPE)range: < 1.0+git.1569436425.8b9c49f-5.3.2
- (no CPE)range: < 12.2.1~a0~dev177-4.9.1
- (no CPE)range: < 2.4.2-3.12.1
- (no CPE)range: < 2.4.2-3.12.1
- (no CPE)range: < 2.4.2-3.12.1
- (no CPE)range: < 1.6.0-3.6.1
- (no CPE)range: < 1.6.0-3.6.1
- (no CPE)range: < 1.6.0-3.6.1
- (no CPE)range: < 0.0.3-9.3.2
- (no CPE)range: < 1.11.29-3.15.2
- (no CPE)range: < 1.11.29-3.15.2
- (no CPE)range: < 1.11.23-3.15.1
- (no CPE)range: < 1.6.11-6.13.1
- (no CPE)range: < 1.8.19-3.23.1
- (no CPE)range: < 1.11.23-3.15.1
- (no CPE)range: < 1.11.23-3.15.1
- (no CPE)range: < 0.12.1-3.3.1
- (no CPE)range: < 0.12.1-3.3.1
- (no CPE)range: < 0.12.1-3.3.1
- (no CPE)range: < 2.1.8-3.3.1
- (no CPE)range: < 2.1.8-3.3.1
- (no CPE)range: < 1.16.3-3.3.3
- (no CPE)range: < 1.16.3-3.3.3
- (no CPE)range: < 3.1.2~dev2-3.3.1
- (no CPE)range: < 3.1.2~dev2-3.3.1
- (no CPE)range: < 3.1.2~dev2-3.3.1
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 2.5.10-3.12.3
- (no CPE)range: < 2.5.10-3.12.3
- (no CPE)range: < 5.30.8-3.11.1
- (no CPE)range: < 5.30.8-3.11.1
- (no CPE)range: < 8.1.4-3.6.2
- (no CPE)range: < 5.30.8-3.11.1
- (no CPE)range: < 8.1.4-3.6.2
- (no CPE)range: < 4.2.1-3.5.1
- (no CPE)range: < 2.8.1-4.12.1
- (no CPE)range: < 4.2.1-3.5.1
- (no CPE)range: < 5.2.0-3.3.2
- (no CPE)range: < 4.2.1-3.5.1
- (no CPE)range: < 5.2.0-3.3.2
- (no CPE)range: < 0.5.0+git.1589351878.4ef877c-1.12.1
- (no CPE)range: < 5.2.2-3.3.1
- (no CPE)range: < 1.2.1-21.1
- (no CPE)range: < 5.2.2-3.3.1
- (no CPE)range: < 5.2.2-3.3.1
- (no CPE)range: < 1.8.1-11.12.1
- (no CPE)range: < 0.4.21-3.3.1
- (no CPE)range: < 0.4.21-3.3.1
- (no CPE)range: < 0.5.2-4.3.2
- (no CPE)range: < 0.4.21-3.3.1
- (no CPE)range: < 0.5.2-4.3.2
- (no CPE)range: < 4.0.2-5.6.1
- (no CPE)range: < 4.0.2-3.17.1
- (no CPE)range: < 4.0.2-5.6.1
- (no CPE)range: < 4.0.2-5.6.1
- (no CPE)range: < 1.58.1-3.3.1
- (no CPE)range: < 1.58.1-3.3.1
- (no CPE)range: < 1.58.1-3.3.1
- (no CPE)range: < 1.23-3.12.2
- (no CPE)range: < 1.23-3.12.2
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 3.4.4-3.16.1
- (no CPE)range: < 7.20180803-3.18.3
- (no CPE)range: < 9.20200610-3.21.4
- (no CPE)range: < 9.20200610-3.21.4
- (no CPE)range: < 4.0.0-3.3.1
- (no CPE)range: < 4.0.0-3.3.1
- (no CPE)range: < 4.0.0-4.3.1
- (no CPE)range: < 3.9.2-7.20.1
- (no CPE)range: < 3.9.2-3.12.1
- (no CPE)range: < 1.7.7-3.3.1
- (no CPE)range: < 1.7.7-3.3.1
- (no CPE)range: < 1.7.7-4.3.1
- (no CPE)range: < 2.16.0-4.6.1
- (no CPE)range: < 2.16.0-3.9.1
- (no CPE)range: < 2.16.0-4.9.1
- (no CPE)range: < 1.1.3-3.3.1
- (no CPE)range: < 1.1.3-3.3.1
- (no CPE)range: < 1.1.3-3.3.1
- (no CPE)range: < 5.1.1~dev7-12.26.2
- (no CPE)range: < 5.1.1~dev7-12.26.2
- (no CPE)range: < 5.0.2~dev3-12.27.2
- (no CPE)range: < 5.0.2~dev3-12.27.2
- (no CPE)range: < 7.0.1~dev24-3.19.3
- (no CPE)range: < 9.0.8~dev7-12.24.2
- (no CPE)range: < 9.0.8~dev7-12.24.2
- (no CPE)range: < 11.2.3~dev23-14.27.2
- (no CPE)range: < 11.2.3~dev23-14.27.2
- (no CPE)range: < 13.0.10~dev12-3.19.2
- (no CPE)range: < 5.0.3~dev7-12.25.2
- (no CPE)range: < 5.0.3~dev7-12.25.2
- (no CPE)range: < 7.0.2~dev2-3.19.2
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.22.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.22.1
- (no CPE)range: < 15.0.3~dev3-12.25.1
- (no CPE)range: < 15.0.3~dev3-12.25.1
- (no CPE)range: < 17.0.1~dev30-3.17.2
- (no CPE)range: < 9.0.8~dev22-12.27.1
- (no CPE)range: < 9.0.8~dev22-12.27.1
- (no CPE)range: < 11.0.3~dev35-3.19.2
- (no CPE)range: < 12.0.5~dev3-14.30.1
- (no CPE)range: < 14.1.1~dev6-4.18.3
- (no CPE)range: < 12.0.5~dev3-14.30.1
- (no CPE)range: < 9.1.8~dev8-12.27.2
- (no CPE)range: < 9.1.8~dev8-12.27.2
- (no CPE)range: < 11.1.5~dev6-4.15.2
- (no CPE)range: < 12.0.4~dev11-11.28.2
- (no CPE)range: < 12.0.4~dev11-11.28.2
- (no CPE)range: < 14.2.1~dev4-3.19.2
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.26.2
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.26.2
- (no CPE)range: < 7.2.1~dev1-4.19.2
- (no CPE)range: < 5.1.1~dev5-12.31.2
- (no CPE)range: < 5.1.1~dev5-12.31.2
- (no CPE)range: < 7.4.2~dev31-3.21.2
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.22.2
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.22.2
- (no CPE)range: < 1.8.2~dev3-3.19.2
- (no CPE)range: < 2.2.2~dev1-11.22.3
- (no CPE)range: < 2.2.2~dev1-11.22.3
- (no CPE)range: < 2.7.1~dev10-3.17.3
- (no CPE)range: < 4.0.2~dev2-12.22.1
- (no CPE)range: < 4.0.2~dev2-12.22.1
- (no CPE)range: < 11.0.9~dev65-13.30.2
- (no CPE)range: < 11.0.9~dev65-13.30.2
- (no CPE)range: < 13.0.8~dev68-6.19.2
- (no CPE)range: < 16.1.9~dev61-11.28.2
- (no CPE)range: < 16.1.9~dev61-11.28.2
- (no CPE)range: < 18.3.1~dev38-3.19.3
- (no CPE)range: < 1.0.6~dev3-12.27.2
- (no CPE)range: < 1.0.6~dev3-12.27.2
- (no CPE)range: < 3.2.3~dev7-4.19.2
- (no CPE)range: < 7.0.5~dev4-11.26.2
- (no CPE)range: < 7.0.5~dev4-11.26.2
- (no CPE)range: < 9.0.2~dev15-3.19.2
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.18.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.18.1
- (no CPE)range: < 2.19.2~dev48-2.14.2
- (no CPE)range: < 8.0.2~dev2-11.26.1
- (no CPE)range: < 8.0.2~dev2-11.26.1
- (no CPE)range: < 3.4.10-6.1

Patches

6d61860b2287

[2.0.x] Fixed CVE-2020-13596 -- Fixed potential XSS in admin ForeignKeyRawIdWidget.

https://github.com/django/djangoJon DufresneMay 26, 2020via ghsa

commit

4 files changed · +29 −3

django/contrib/admin/widgets.py+3 −3 modified

@@ -12,7 +12,7 @@
 from django.urls import reverse
 from django.urls.exceptions import NoReverseMatch
 from django.utils.html import smart_urlquote
-from django.utils.safestring import mark_safe
+from django.utils.http import urlencode
 from django.utils.text import Truncator
 from django.utils.translation import get_language, gettext as _
 
@@ -150,8 +150,8 @@ def get_context(self, name, value, attrs):
 
             params = self.url_parameters()
             if params:
-                related_url += '?' + '&amp;'.join('%s=%s' % (k, v) for k, v in params.items())
-            context['related_url'] = mark_safe(related_url)
+                related_url += '?' + urlencode(params)
+            context['related_url'] = related_url
             context['link_title'] = _('Lookup')
             # The JavaScript code looks for this class.
             context['widget']['attrs'].setdefault('class', 'vForeignKeyRawIdAdminField')

docs/releases/2.2.13.txt+7 −0 modified

@@ -6,6 +6,13 @@ Django 2.2.13 release notes
 
 Django 2.2.13 fixes two security issues and a regression in 2.2.12.
 
+CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget``
+================================================================
+
+Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URL
+encoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` now
+ensures query parameters are correctly URL encoded.
+
 Bugfixes
 ========

tests/admin_widgets/models.py+8 −0 modified

@@ -27,6 +27,14 @@ def __str__(self):
         return self.name
 
 
+class UnsafeLimitChoicesTo(models.Model):
+    band = models.ForeignKey(
+        Band,
+        models.CASCADE,
+        limit_choices_to={'name': '"&><escapeme'},
+    )
+
+
 class Album(models.Model):
     band = models.ForeignKey(Band, models.CASCADE)
     featuring = models.ManyToManyField(Band, related_name='featured')

tests/admin_widgets/tests.py+11 −0 modified

@@ -22,6 +22,7 @@
 from .models import (
     Advisor, Album, Band, Bee, Car, Company, Event, Honeycomb, Individual,
     Inventory, Member, MyFileField, Profile, School, Student,
+    UnsafeLimitChoicesTo,
 )
 from .widgetadmin import site as widget_admin_site
 
@@ -586,6 +587,16 @@ def test_proper_manager_for_label_lookup(self):
             'Hidden</a></strong>' % {'pk': hidden.pk}
         )
 
+    def test_render_unsafe_limit_choices_to(self):
+        rel = UnsafeLimitChoicesTo._meta.get_field('band').remote_field
+        w = widgets.ForeignKeyRawIdWidget(rel, widget_admin_site)
+        self.assertHTMLEqual(
+            w.render('test', None),
+            '<input type="text" name="test" class="vForeignKeyRawIdAdminField">\n'
+            '<a href="/admin_widgets/band/?name=%22%26%3E%3Cescapeme&amp;_to_field=id" '
+            'class="related-lookup" id="lookup_id_test" title="Lookup"></a>'
+        )
+
 
 @override_settings(ROOT_URLCONF='admin_widgets.urls')
 class ManyToManyRawIdWidgetTest(TestCase):

1f2dd37f6fce

[3.0.x] Fixed CVE-2020-13596 -- Fixed potential XSS in admin ForeignKeyRawIdWidget.

https://github.com/django/djangoJon DufresneMay 26, 2020via ghsa

commit

5 files changed · +36 −3

django/contrib/admin/widgets.py+3 −3 modified

@@ -12,7 +12,7 @@
 from django.urls import reverse
 from django.urls.exceptions import NoReverseMatch
 from django.utils.html import smart_urlquote
-from django.utils.safestring import mark_safe
+from django.utils.http import urlencode
 from django.utils.text import Truncator
 from django.utils.translation import get_language, gettext as _
 
@@ -150,8 +150,8 @@ def get_context(self, name, value, attrs):
 
             params = self.url_parameters()
             if params:
-                related_url += '?' + '&amp;'.join('%s=%s' % (k, v) for k, v in params.items())
-            context['related_url'] = mark_safe(related_url)
+                related_url += '?' + urlencode(params)
+            context['related_url'] = related_url
             context['link_title'] = _('Lookup')
             # The JavaScript code looks for this class.
             context['widget']['attrs'].setdefault('class', 'vForeignKeyRawIdAdminField')

docs/releases/2.2.13.txt+7 −0 modified

@@ -6,6 +6,13 @@ Django 2.2.13 release notes
 
 Django 2.2.13 fixes two security issues and a regression in 2.2.12.
 
+CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget``
+================================================================
+
+Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URL
+encoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` now
+ensures query parameters are correctly URL encoded.
+
 Bugfixes
 ========

docs/releases/3.0.7.txt+7 −0 modified

@@ -6,6 +6,13 @@ Django 3.0.7 release notes
 
 Django 3.0.7 fixes two security issues and several bugs in 3.0.6.
 
+CVE-2020-13596: Possible XSS via admin ``ForeignKeyRawIdWidget``
+================================================================
+
+Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URL
+encoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` now
+ensures query parameters are correctly URL encoded.
+
 Bugfixes
 ========

tests/admin_widgets/models.py+8 −0 modified

@@ -27,6 +27,14 @@ def __str__(self):
         return self.name
 
 
+class UnsafeLimitChoicesTo(models.Model):
+    band = models.ForeignKey(
+        Band,
+        models.CASCADE,
+        limit_choices_to={'name': '"&><escapeme'},
+    )
+
+
 class Album(models.Model):
     band = models.ForeignKey(Band, models.CASCADE)
     featuring = models.ManyToManyField(Band, related_name='featured')

tests/admin_widgets/tests.py+11 −0 modified

@@ -22,6 +22,7 @@
 from .models import (
     Advisor, Album, Band, Bee, Car, Company, Event, Honeycomb, Individual,
     Inventory, Member, MyFileField, Profile, School, Student,
+    UnsafeLimitChoicesTo,
 )
 from .widgetadmin import site as widget_admin_site
 
@@ -586,6 +587,16 @@ def test_proper_manager_for_label_lookup(self):
             'Hidden</a></strong>' % {'pk': hidden.pk}
         )
 
+    def test_render_unsafe_limit_choices_to(self):
+        rel = UnsafeLimitChoicesTo._meta.get_field('band').remote_field
+        w = widgets.ForeignKeyRawIdWidget(rel, widget_admin_site)
+        self.assertHTMLEqual(
+            w.render('test', None),
+            '<input type="text" name="test" class="vForeignKeyRawIdAdminField">\n'
+            '<a href="/admin_widgets/band/?name=%22%26%3E%3Cescapeme&amp;_to_field=id" '
+            'class="related-lookup" id="lookup_id_test" title="Lookup"></a>'
+        )
+
 
 @override_settings(ROOT_URLCONF='admin_widgets.urls')
 class ManyToManyRawIdWidgetTest(TestCase):

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-2m34-jcjv-45xfghsaADVISORY
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/mitrevendor-advisoryx_refsource_FEDORA
nvd.nist.gov/vuln/detail/CVE-2020-13596ghsaADVISORY
usn.ubuntu.com/4381-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4381-2/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2020/dsa-4705ghsavendor-advisoryx_refsource_DEBIANWEB
docs.djangoproject.com/en/3.0/releases/securityghsaWEB
docs.djangoproject.com/en/3.0/releases/security/mitrex_refsource_MISC
github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38ghsaWEB
github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815ghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yamlghsaWEB
groups.google.com/forum/ghsaWEB
groups.google.com/forum/mitrex_refsource_MISC
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZghsaWEB
security.netapp.com/advisory/ntap-20200611-0002ghsaWEB
security.netapp.com/advisory/ntap-20200611-0002/mitrex_refsource_CONFIRM
usn.ubuntu.com/4381-1ghsaWEB
usn.ubuntu.com/4381-2ghsaWEB
www.djangoproject.com/weblog/2020/jun/03/security-releasesghsaWEB
www.djangoproject.com/weblog/2020/jun/03/security-releases/mitrex_refsource_CONFIRM
www.oracle.com/security-alerts/cpujan2021.htmlghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000