github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

[GHSA-qc99-g3wm-hgxr] Django Arbitrary Code Execution #4532

Closed MarkLee131 closed 3 weeks ago

MarkLee131 commented 3 weeks ago

Updates

Comments

Add three patches for three versions:

https://github.com/django/django/commit/6eefa521be3c658dc0b38f8d62d52e9801e198ab v0.90
https://github.com/django/django/commit/d31e39173c29537e6a1613278c93634c18a3206e v0.91
https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e v0.95

The official report shows them: https://docs.djangoproject.com/en/3.2/releases/security/

The vulnerable versions are also updated according to the official vulnerability report: https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/

advisory-database[bot] commented 3 weeks ago

Hi @MarkLee131! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!