CVE-2022-22818 Information

Jun 07, 2022 cve

Description

The % debug % template tag in Django 2.2 before 2.2.27 3.2 before 3.2.12 and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://docs.djangoproject.com/en/4.0/releases/security/ https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ https://groups.google.com/forum/#!forum/django-announce https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ https://security.netapp.com/advisory/ntap-20220221-0003/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: