CVE-2024-21520

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-21520

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21520.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-21520

Aliases

GHSA-gw84-84pc-xp82

Related

Published

2024-06-26T05:15:50Z

Modified

2024-10-08T04:00:15.994787Z

Summary

[none]

Details

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the breaklongheaders template filter due to improper input sanitization before splitting and joining with <br> tags.

References

Affected packages

Debian:11 / djangorestframework

Package

Name: djangorestframework
Purl: pkg:deb/debian/djangorestframework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.12.1-1

3.12.4-1

3.12.4-2

3.12.4-2.1

3.12.4-2.2

3.13.1-1

3.14.0-1

3.14.0-2

3.15.1-1

3.15.1-2

3.15.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / djangorestframework

Package

Name: djangorestframework
Purl: pkg:deb/debian/djangorestframework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.14.0-2

3.14.0-2+deb12u1

3.15.1-1

3.15.1-2

3.15.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / djangorestframework

Package

Name: djangorestframework
Purl: pkg:deb/debian/djangorestframework?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.15.2-1

Affected versions

3.*

3.14.0-2

3.15.1-1

3.15.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/encode/django-rest-framework

Affected ranges

Type: GIT
Repo: https://github.com/encode/django-rest-framework
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3b41f0124194430da957b119712978fa2266b642

Affected versions

0.*

0.1

0.2.4

0.3.0

0.3.1

0.3.2

0.3.3

0.4.0

2.*

2.0.0

2.0.1

2.0.2

2.1.0

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.3.0

2.3.1

2.3.10

2.3.11

2.3.12

2.3.13

2.3.14

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.1.0

3.1.1

3.1.2

3.1.3

3.10.0

3.10.1

3.10.2

3.10.3

3.11.0

3.12.0

3.12.1

3.12.2

3.12.3

3.12.4

3.13.0

3.13.1

3.14.0

3.15.0

3.15.1

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.3.0

3.3.1

3.3.2

3.3.3

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.8.0

3.8.1

3.8.2

3.9.1

3.9.2

3.9.3