Vulnerabilities > Djangoproject > Django > 2.0.1

DATE CVE VULNERABILITY TITLE RISK
2021-06-08 CVE-2021-33203 Path Traversal vulnerability in multiple products
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs.
network
low complexity
djangoproject fedoraproject CWE-22
4.9
4.9
2019-02-11 CVE-2019-6975 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
network
low complexity
djangoproject canonical fedoraproject CWE-770
7.5
7.5
2019-01-09 CVE-2019-3498 Injection vulnerability in multiple products
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. 		6.5
6.5
2018-08-03 CVE-2018-14574 Open Redirect vulnerability in multiple products
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
network
low complexity
djangoproject debian canonical CWE-601
6.1
6.1
2018-03-09 CVE-2018-7537 Incorrect Regular Expression vulnerability in multiple products
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19.
network
low complexity
canonical djangoproject debian CWE-185
5.3
5.3
2018-03-09 CVE-2018-7536 Incorrect Regular Expression vulnerability in multiple products
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19.
network
low complexity
canonical djangoproject debian redhat CWE-185
5.3
5.3
2018-02-05 CVE-2018-6188 Information Exposure vulnerability in multiple products
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
network
low complexity
djangoproject canonical CWE-200
7.5
7.5