Safety CI > agconti/cookiecutter-django-rest

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

699ccc83

Update coverage from 7.2.5 to 7.6.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

be260ee1

Update factory-boy from 3.2.1 to 3.3.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

16f40ae5

Update mock from 5.0.2 to 5.1.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

302b6327

Update flake8 from 6.0.0 to 7.1.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

78a5d0b8

Update mkdocs from 1.4.3 to 1.6.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

0aeda050

Update ipython from 8.13.2 to 8.26.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

2ff9a402

Update django-filter from 23.2 to 24.3

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

6b393d3a

Update markdown from 3.4.3 to 3.7

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

8012c1a1

Update djangorestframework from 3.14.0 to 3.15.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

e2f20306

Update django-model-utils from 4.3.1 to 4.5.1

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

175308aa

Update dj-database-url from 2.0.0 to 2.2.0

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

d0d7d15f

Update psycopg2-binary from 2.9.6 to 2.9.9

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

03b11c0a

Update newrelic from 8.8.0 to 9.13.0

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

1c46d212

Update gunicorn from 20.1.0 to 23.0.0

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-27

1 year, 7 months ago

40b65090

Update django-configurations from 2.4.1 to 2.5.1

gunicorn 20.1.0 and djangorestframework 3.14.0 have known security vulnerabilities.

Package	Installed	Affected	Info
gunicorn	20.1.0	<22.0.0	show Affected versions of the gunicorn package are vulnerable to HTTP Request/Response Smuggling due to improper validation of the Transfer-Encoding header that enables a TE.CL desynchronisation condition. Gunicorn’s HTTP parser does not consistently enforce RFC semantics when parsing conflicting or unsupported request framing—such as messages containing both Transfer-Encoding and Content-Length—so the backend may fall back to Content-Length while an intermediary treats the message as chunked.
gunicorn	20.1.0	<22.0.0	show Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

gunicorn

20.1.0

<22.0.0

show

Affected versions of the gunicorn package are vulnerable to HTTP Request/Response Smuggling due to improper validation of the Transfer-Encoding header that enables a TE.CL desynchronisation condition. Gunicorn’s HTTP parser does not consistently enforce RFC semantics when parsing conflicting or unsupported request framing—such as messages containing both Transfer-Encoding and Content-Length—so the backend may fall back to Content-Length while an intermediary treats the message as chunked.

gunicorn

20.1.0

<22.0.0

show

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.