GHSA-fx83-3ph3-9j2q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fx83-3ph3-9j2q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-fx83-3ph3-9j2q/GHSA-fx83-3ph3-9j2q.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-fx83-3ph3-9j2q
- Aliases
- Published
- 2021-03-19T21:32:47Z
- Modified
- 2024-09-20T15:00:54.734257Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Cross-site Scripting (XSS) in Django REST Framework
- Details
-
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
- Database specific
{ "nvd_published_at": "2020-09-30T20:15:00Z", "cwe_ids": [ "CWE-20", "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-03-12T23:51:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-25626
- https://bugzilla.redhat.com/show_bug.cgi?id=1878635
- https://github.com/advisories/GHSA-fx83-3ph3-9j2q
- https://github.com/encode/django-rest-framework
- https://github.com/pypa/advisory-database/tree/main/vulns/djangorestframework/PYSEC-2020-263.yaml
- https://security.netapp.com/advisory/ntap-20201016-0003
- https://www.debian.org/security/2022/dsa-5186
Affected packages
PyPI / djangorestframework
Package
- Name
- djangorestframework
- View open source insights on deps.dev
- Purl
- pkg:pypi/djangorestframework
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.11.2
Affected versions
0.*
0.1
0.1.1
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
2.*
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.8.0
3.8.1
3.8.2
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4
3.10.0
3.10.1
3.10.2
3.10.3
3.11.0
3.11.1