Safety CI > agconti/cookiecutter-django-rest

pyup-scheduled-update-2024-08-26

12 months ago

3fdb5f60

Update factory-boy from 3.2.1 to 3.3.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-26

12 months ago

f34af5d8

Update mock from 5.0.2 to 5.1.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-26

12 months ago

93c102a7

Update flake8 from 6.0.0 to 7.1.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-26

12 months ago

62d748b9

Update mkdocs from 1.4.3 to 1.6.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-26

12 months ago

07f05934

Update ipython from 8.13.2 to 8.26.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-26

12 months ago

386bea7e

Update django-filter from 23.2 to 24.3

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-26

12 months ago

4321e9a5

Update markdown from 3.4.3 to 3.7

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-26

12 months ago

a946f0f1

Update djangorestframework from 3.14.0 to 3.15.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2024-08-26

12 months ago

26928bc5

Update django-model-utils from 4.3.1 to 4.5.1

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-26

12 months ago

d915ed4e

Update dj-database-url from 2.0.0 to 2.2.0

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-26

12 months ago

c4767917

Update psycopg2-binary from 2.9.6 to 2.9.9

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-26

12 months ago

dd54fe17

Update newrelic from 8.8.0 to 9.13.0

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-26

12 months ago

61d3b046

Update gunicorn from 20.1.0 to 23.0.0

djangorestframework 3.14.0 has known security vulnerabilities.

Package	Installed	Affected	Info
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Package

Installed

Affected

Info

djangorestframework

3.14.0

<3.15.2

show

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-26

12 months ago

b6f1a285

Update django-configurations from 2.4.1 to 2.5.1

gunicorn 20.1.0 and djangorestframework 3.14.0 have known security vulnerabilities.

Package	Installed	Affected	Info
gunicorn	20.1.0	<23.0.0	show Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
gunicorn	20.1.0	<22.0.0	show Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
gunicorn	20.1.0	<21.2.0	show A time-based vulnerability in Gunicorn affected versions allows an attacker to disrupt service by manipulating the system clock, causing premature worker timeouts and potential denial-of-service (DoS) conditions. The issue stems from the use of time.time() in the worker timeout logic, which can be exploited if an attacker gains the ability to change the system time.
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

pyup-scheduled-update-2024-08-26

12 months ago

29455d0c

Update django from 4.2.1 to 5.1

gunicorn 20.1.0 and djangorestframework 3.14.0 have known security vulnerabilities.

Package	Installed	Affected	Info
gunicorn	20.1.0	<23.0.0	show Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
gunicorn	20.1.0	<22.0.0	show Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
gunicorn	20.1.0	<21.2.0	show A time-based vulnerability in Gunicorn affected versions allows an attacker to disrupt service by manipulating the system clock, causing premature worker timeouts and potential denial-of-service (DoS) conditions. The issue stems from the use of time.time() in the worker timeout logic, which can be exploited if an attacker gains the ability to change the system time.
djangorestframework	3.14.0	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.