PyPI package
django-unicorn
pkg:pypi/django-unicorn
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-31815 | | — | | < 0.67.0 | 0.67.0 | Mar 10, 2026 | Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public |
| CVE-2025-24370 | Cri | — | | < 0.62.0 | 0.62.0 | Feb 3, 2025 | Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality `set_property_value`, which can be remotely triggered |
| CVE-2021-42134 | | — | | < 0.36.1 | 0.36.1 | Oct 11, 2021 | The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. |
| CVE-2021-42053 | | — | | < 0.36.0 | 0.36.0 | Oct 7, 2021 | The Unicorn framework through 0.35.3 for Django allows XSS via component.name. |