Moderate severity · NVD Advisory · Published Sep 30, 2020 · Updated Aug 4, 2024
CVE-2020-25626
Description
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browsable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leading to a cross-site scripting (XSS) vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| djangorestframework (PyPI) | < 3.11.2 | 3.11.2 |
Affected products
Django / REST Framework (from the GHSA coordinates; no CPE assigned to any entry):
- pkg:pypi/djangorestframework — range: < 3.11.2
- pkg:rpm/opensuse/python-djangorestframework (openSUSE Leap 15.2) — range: < 3.11.2-lp152.2.3.1
- pkg:rpm/opensuse/python-djangorestframework-test (openSUSE Leap 15.2) — range: < 3.11.2-lp152.2.3.1
- pkg:rpm/suse/python-djangorestframework (SUSE Package Hub 15 SP2) — range: < 3.11.2-bp152.2.3.1
- pkg:rpm/suse/python-djangorestframework-test (SUSE Package Hub 15 SP2) — range: < 3.11.2-bp152.2.3.1
References
- github.com/advisories/GHSA-fx83-3ph3-9j2q (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-25626 (NVD advisory)
- www.debian.org/security/2022/dsa-5186 (Debian vendor advisory, DSA-5186)
- bugzilla.redhat.com/show_bug.cgi (Red Hat Bugzilla; bug id not captured in this record)
- github.com/pypa/advisory-database/tree/main/vulns/djangorestframework/PYSEC-2020-263.yaml (PyPA advisory database, PYSEC-2020-263)
- security.netapp.com/advisory/ntap-20201016-0003 (NetApp advisory; listed by both GHSA and MITRE)