CVE-2020-25626

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-25626

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25626.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-25626

Aliases

Related

Published

2020-09-30T20:15:15Z

Modified

2024-10-12T06:22:36.850186Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

References

Affected packages

Debian:11 / djangorestframework

Package

Name: djangorestframework
Purl: pkg:deb/debian/djangorestframework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / djangorestframework

Package

Name: djangorestframework
Purl: pkg:deb/debian/djangorestframework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / djangorestframework

Package

Name: djangorestframework
Purl: pkg:deb/debian/djangorestframework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/encode/django-rest-framework

Affected ranges

Type: GIT
Repo: https://github.com/encode/django-rest-framework
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6f7aad8ffa96226672eacb82ab003dcf01070ed3

Affected versions

0.*

0.1

0.2.4

0.3.0

0.3.1

0.3.2

0.3.3

0.4.0

2.*

2.0.0

2.0.1

2.0.2

2.1.0

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.3.0

2.3.1

2.3.10

2.3.11

2.3.12

2.3.13

2.3.14

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.1.0

3.1.1

3.1.2

3.1.3

3.10.0

3.10.1

3.10.2

3.10.3

3.11.0

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.3.0

3.3.1

3.3.2

3.3.3

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.8.0

3.8.1

3.8.2

3.9.1

3.9.2

3.9.3