-
-
Notifications
You must be signed in to change notification settings - Fork 309
Expand file tree
/
Copy pathexpected-advisories.json
More file actions
123 lines (123 loc) · 3.83 KB
/
Copy pathexpected-advisories.json
File metadata and controls
123 lines (123 loc) · 3.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
[
{
"advisory_id": "GHSA-296w-6qhq-gf92",
"aliases": [
"CVE-2014-0481"
],
"summary": "Django denial of service via file upload naming\nThe default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.",
"affected_packages": [
{
"package": {
"type": "pypi",
"namespace": "",
"name": "django",
"version": "",
"qualifiers": "",
"subpath": ""
},
"affected_version_range": "vers:pypi/<1.4.14",
"fixed_version_range": "vers:pypi/1.4.14",
"introduced_by_commit_patches": [],
"fixed_by_commit_patches": []
},
{
"package": {
"type": "pypi",
"namespace": "",
"name": "django",
"version": "",
"qualifiers": "",
"subpath": ""
},
"affected_version_range": "vers:pypi/>=1.5|<1.5.9",
"fixed_version_range": "vers:pypi/1.5.9",
"introduced_by_commit_patches": [],
"fixed_by_commit_patches": []
},
{
"package": {
"type": "pypi",
"namespace": "",
"name": "django",
"version": "",
"qualifiers": "",
"subpath": ""
},
"affected_version_range": "vers:pypi/>=1.6|<1.6.6",
"fixed_version_range": "vers:pypi/1.6.6",
"introduced_by_commit_patches": [],
"fixed_by_commit_patches": []
}
],
"references": [
{
"reference_id": "",
"reference_type": "",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html"
},
{
"reference_id": "",
"reference_type": "",
"url": "http://www.debian.org/security/2014/dsa-3010"
},
{
"reference_id": "",
"reference_type": "",
"url": "https://github.com/django/django"
},
{
"reference_id": "",
"reference_type": "",
"url": "https://github.com/django/django/commit/26cd48e166ac4d84317c8ee6d63ac52a87e8da99"
},
{
"reference_id": "",
"reference_type": "",
"url": "https://github.com/django/django/commit/30042d475bf084c6723c6217a21598d9247a9c41"
},
{
"reference_id": "",
"reference_type": "",
"url": "https://github.com/django/django/commit/dd0c3f4ee1a30c1a1e6055061c6ba6e58c6b54d1"
},
{
"reference_id": "",
"reference_type": "",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-5.yaml"
},
{
"reference_id": "",
"reference_type": "",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0481"
},
{
"reference_id": "",
"reference_type": "",
"url": "https://www.djangoproject.com/weblog/2014/aug/20/security"
}
],
"patches": [],
"severities": [
{
"system": "cvssv3.1",
"value": "7.5",
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"system": "cvssv4",
"value": "8.7",
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
},
{
"system": "generic_textual",
"value": "HIGH",
"scoring_elements": ""
}
],
"date_published": "2022-05-14T02:05:08+00:00",
"weaknesses": [
400
],
"url": "https://raw.githubusercontent.com/github/advisory-database/refs/heads/main/advisories/github-reviewed/2022/05/GHSA-296w-6qhq-gf92/GHSA-296w-6qhq-gf92.json"
}
]