Required CVE Record Information
Description
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
References (6 total)
- https://groups.google.com/forum/#%21forum/django-announce
- https://docs.djangoproject.com/en/4.0/releases/security/
- https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
- lists.fedoraproject.org: FEDORA-2022-e7fd530688 (vendor advisory)
- https://security.netapp.com/advisory/ntap-20220221-0003/
- debian.org: DSA-5254 (vendor advisory)