Package | Installed | Affected | Info |
---|---|---|---|
djangorestframework | 3.14.0 | <3.15.2 |
show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags. |
Package | Installed | Affected | Info |
---|---|---|---|
djangorestframework | 3.14.0 | <3.15.2 |
show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags. |
Package | Installed | Affected | Info |
---|---|---|---|
djangorestframework | 3.14.0 | <3.15.2 |
show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags. |
Package | Installed | Affected | Info |
---|---|---|---|
djangorestframework | 3.14.0 | <3.15.2 |
show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags. |
Package | Installed | Affected | Info |
---|---|---|---|
gunicorn | 20.1.0 | <22.0.0 |
show Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure. |
gunicorn | 20.1.0 | <21.2.0 |
show A time-based vulnerability in Gunicorn affected versions allows an attacker to disrupt service by manipulating the system clock, causing premature worker timeouts and potential denial-of-service (DoS) conditions. The issue stems from the use of time.time() in the worker timeout logic, which can be exploited if an attacker gains the ability to change the system time. |
djangorestframework | 3.14.0 | <3.15.2 |
show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags. |
https://pyup.io/repos/github/agconti/cookiecutter-django-rest/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/agconti/cookiecutter-django-rest/python-3-shield.svg)](https://pyup.io/repos/github/agconti/cookiecutter-django-rest/)
.. image:: https://pyup.io/repos/github/agconti/cookiecutter-django-rest/python-3-shield.svg :target: https://pyup.io/repos/github/agconti/cookiecutter-django-rest/ :alt: Python 3
<a href="https://pyup.io/repos/github/agconti/cookiecutter-django-rest/"><img src="https://pyup.io/repos/github/agconti/cookiecutter-django-rest/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/agconti/cookiecutter-django-rest/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/agconti/cookiecutter-django-rest/
{<img src="https://pyup.io/repos/github/agconti/cookiecutter-django-rest/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/agconti/cookiecutter-django-rest/]
https://pyup.io/repos/github/agconti/cookiecutter-django-rest/shield.svg
[![Updates](https://pyup.io/repos/github/agconti/cookiecutter-django-rest/shield.svg)](https://pyup.io/repos/github/agconti/cookiecutter-django-rest/)
.. image:: https://pyup.io/repos/github/agconti/cookiecutter-django-rest/shield.svg :target: https://pyup.io/repos/github/agconti/cookiecutter-django-rest/ :alt: Updates
<a href="https://pyup.io/repos/github/agconti/cookiecutter-django-rest/"><img src="https://pyup.io/repos/github/agconti/cookiecutter-django-rest/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/agconti/cookiecutter-django-rest/shield.svg(Updates)!:https://pyup.io/repos/github/agconti/cookiecutter-django-rest/
{<img src="https://pyup.io/repos/github/agconti/cookiecutter-django-rest/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/agconti/cookiecutter-django-rest/]