A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browsable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious `<script>` tags, leading to a cross-site scripting (XSS) vulnerability.
### Vulnerable Library - djangorestframework-3.11.1-py3-none-any.whl
Web APIs for Django, made easy.
Library home page: https://files.pythonhosted.org/packages/a2/cc/a8738854bda156f8145b9185488c1dae79ce17df5b563c42ee7dd0c6245a/djangorestframework-3.11.1-py3-none-any.whl
Path to dependency file: /Pipfile
Path to vulnerable library: /Pipfile
Found in HEAD commit: 87fe785e6152127437ca26d4cf53bfcae5081444
## Vulnerabilities

## Details

### CVE-2020-25626
Dependency Hierarchy:
- :x: **djangorestframework-3.11.1-py3-none-any.whl** (Vulnerable Library)
Found in base branch: main