VYPR
High severityNVD Advisory· Published Aug 3, 2022· Updated Feb 13, 2025

CVE-2022-36359

CVE-2022-36359

Description

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
< 3.2.153.2.15
DjangoPyPI
>= 4.0, < 4.0.74.0.7

Affected products

10

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.