Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
django | 5.0.7 | <4.2.16 , >=5.0a1,<5.0.9 , >=5.1a1,<5.1.1 |
show A potential denial-of-service vulnerability has been identified in Django's urlize() and urlizetrunc() functions in django.utils.html. This vulnerability can be triggered by inputting huge strings containing a specific sequence of characters. |
django | 5.0.7 | <4.2.15 , >=5.0a1,<5.0.8 |
show Django addresses a memory exhaustion issue in django.utils.numberformat.floatformat(). When floatformat receives a string representation of a number in scientific notation with a large exponent, it could lead to excessive memory consumption. To prevent this, decimals with more than 200 digits are now returned as-is. |
django | 5.0.7 | <4.2.16 , >=5.0a1,<5.0.9 , >=5.1a1,<5.1.1 |
show A security vulnerability has been discovered in certain versions of Django, affecting the password reset functionality. The PasswordResetForm class in django.contrib.auth.forms inadvertently allowed attackers to enumerate user email addresses by exploiting unhandled exceptions during the email sending process. This could be done by issuing password reset requests and observing the responses. Django has implemented a fix where these exceptions are now caught and logged using the django.contrib.auth logger, preventing potential information leakage through error responses. |
django | 5.0.7 | <4.2.15 , >=5.0a1,<5.0.8 |
show Affected versions of Django has a potential SQL injection vulnerability in the QuerySet.values() and QuerySet.values_list() methods. When used on models with a JSONField, these methods are susceptible to SQL injection through column aliases if a crafted JSON object key is passed as an argument. |
django | 5.0.7 | <4.2.15 , >=5.0a1,<5.0.8 |
show Django has a potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget. The urlize and urlizetrunc functions, along with AdminURLFieldWidget, are vulnerable to denial-of-service attacks when handling inputs with a very large number of Unicode characters. |
gunicorn | 22.0.0 | >=22.0.0,<23.0.0 |
show A vulnerability in Gunicorn allowed the TolerateDangerousFraming setting to process conflicting headers (Transfer-Encoding and Content-Length) and dangerous characters in HTTP header fields. This could lead to HTTP request smuggling and header injection attacks. The issue was resolved by removing this setting and enforcing stricter header validation. Note: It happens due to an incomplete fix for CVE-2024-1135. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
Package | Installed | Affected | Info |
---|---|---|---|
jinja2 | 3.1.4 | >=0 |
show In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. |
https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg)](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/)
.. image:: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg :target: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/ :alt: Python 3
<a href="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/"><img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
{<img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/cookiecutter/cookiecutter-django/]
https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg
[![Updates](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg)](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/)
.. image:: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg :target: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/ :alt: Updates
<a href="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/"><img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg(Updates)!:https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
{<img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/cookiecutter/cookiecutter-django/]