drakeg / tickets

Ticketing system.
tickets-brown.vercel.app

WS-2019-0037 (Medium) detected in djangorestframework-3.7.7-py2.py3-none-any.whl - autoclosed #13

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 4 years ago

WS-2019-0037 - Medium Severity Vulnerability

Vulnerable Library - djangorestframework-3.7.7-py2.py3-none-any.whl

Web APIs for Django, made easy.

Library home page: https://files.pythonhosted.org/packages/7c/0f/70957d583a9040c902b22dfab88323c1be61266eaddb1b3463a401004856/djangorestframework-3.7.7-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/tickets/requirements.txt

Path to vulnerable library: /tickets/requirements.txt

Dependency Hierarchy:
- :x: **djangorestframework-3.7.7-py2.py3-none-any.whl** (Vulnerable Library)

Found in HEAD commit: 415c6462b8b8d3791466435517dae4b7869c342b

Vulnerability Details

Django-Rest-Framework, before 3.9.1, has an XSS vulnerability caused by disabled autoescaping in the default DRF Browsable API view templates.

Publish Date: 2019-04-05

URL: WS-2019-0037

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/encode/django-rest-framework/pull/6330

Release Date: 2019-04-05

Fix Resolution: 3.9.1



mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.