GHSA-j4v3-wwwx-5gqv

Source
https://github.com/advisories/GHSA-j4v3-wwwx-5gqv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-j4v3-wwwx-5gqv/GHSA-j4v3-wwwx-5gqv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j4v3-wwwx-5gqv
Aliases
  • CVE-2024-11404
Published
2024-11-20T12:30:35Z
Modified
2024-11-20T18:42:22.607004Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
django Filer Unrestricted Upload of File with Dangerous Type
Details

Unrestricted Upload of File with Dangerous Type, Improper Input Validation, and Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerabilities in django CMS Association's django Filer allow input data manipulation and stored XSS. This issue affects django Filer: from 3 before 3.3.

Database specific
{
    "nvd_published_at": "2024-11-20T12:15:18Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-434"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-20T18:27:56Z"
}
References

Affected packages

Package
PyPI / django-filer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
3.3.0

Affected versions

0.*

0.1.3a
0.7.0
0.7.1
0.7.2
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.9
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
0.9.11
0.9.12

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6rc1
1.2.6rc2
1.2.6
1.2.7
1.2.8
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.6.0
1.7.0
1.7.1

2.*

2.0.0
2.0.1
2.0.2
2.1rc1
2.1rc2
2.1rc3
2.1rc4
2.1
2.1.1
2.1.2
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.3rc1

3.*

3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.2.2
3.2.3