CVE-2013-1665 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=1.3.0 <1.3.6 || >=1.4.0 <1.4.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.048 (percentile: 0.89068)
Details
XML External Entity (XXE) in Django

The XML libraries for Python, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
Metadata
Created: 2022-05-17T05:09:39Z
Modified: 2024-05-21T20:17:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x64m-686f-fmm3/GHSA-x64m-686f-fmm3.json
CWE IDs: ["CWE-200", "CWE-611"]
Alternative ID: GHSA-x64m-686f-fmm3
Finding: F083
Auto approve: 1