Fluid Attacks Database

Description

silent downgrade

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	python-django	>=0 <1:1.11.22-1	1:1.11.22-1
pypi	django	>=2.1 <2.1.10 \|\| >=2.2 <2.2.3 \|\| >=1.11 <1.11.22	2.1.10, 2.2.3, 1.11.22
alpine v3.10	py-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.20-r1 \|\| =1.11.21-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.22-r0	1.11.22-r0
alpine v3.11	py3-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.20-r1 \|\| =1.11.21-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.22-r0	1.11.22-r0
alpine v3.8	py-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.21-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.22-r0	1.11.22-r0
alpine v3.9	py-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.21-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.22-r0	1.11.22-r0
alpine v3.12	py3-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.20-r1 \|\| =1.11.21-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.22-r0	1.11.22-r0
alpine v3.7	py-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.11-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.21-r0 \|\| =1.11.5-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.22-r0	1.11.22-r0
debian 14	python-django	>=0 <1:1.11.22-1	1:1.11.22-1
debian 11	python-django	>=0 <1:1.11.22-1	1:1.11.22-1

1-10 of 12

Aliases

1. CVE-2019-127812. NVD-2019-127813. OSV-DEBIAN-2019-127814. OSV-2019-127815. OSV-ALPINE-2019-127816. GHSA-6c7v-2f49-8h267. GCVE-2019-127818. SECURITY-TRACKER-CVE-2019-127819. SECURITY-CVE-2019-12781

References

1. https://docs.djangoproject.com/en/dev/releases/security2. https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml3. https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ4. https://lists.fedoraproject.org/archives/list/[email protected]/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL5. https://seclists.org/bugtraq/2019/Jul/106. https://security.netapp.com/advisory/ntap-20190705-00027. https://usn.ubuntu.com/4043-18. https://www.debian.org/security/2019/dsa-44769. https://www.djangoproject.com/weblog/2019/jul/01/security-releases10. http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html11. http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html12. http://www.openwall.com/lists/oss-security/2019/07/01/3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.