Fluid Attacks Database

Description

Cross-site Scripting in django-unicorn The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	unicorn	>=0 <0.36.1	0.36.1
pypi	django-unicorn	>=0 <0.36.1	0.36.1

Aliases

1. CVE-2021-421342. NVD-2021-421343. OSV-2021-421344. GHSA-ggmv-6q9p-9gm65. GCVE-2021-42134

References

1. https://github.com/adamghill/django-unicorn/commit/3a832a9e3f6455ddd3b87f646247269918ad10c62. https://github.com/adamghill/django-unicorn/compare/0.36.0...0.36.13. https://github.com/pypa/advisory-database/tree/main/vulns/django-unicorn/PYSEC-2021-369.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.