PyPI package
djangorestframework
pkg:pypi/djangorestframework
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-21520 | Med | 6.1 | < 3.15.2 | 3.15.2 | Jun 26, 2024 | Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags. | |
| CVE-2020-25626 | — | < 3.11.2 | 3.11.2 | Sep 30, 2020 | A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malic |
- affected < 3.15.2fixed 3.15.2
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags.
- CVE-2020-25626Sep 30, 2020affected < 3.11.2fixed 3.11.2
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malic