发布时间: 2025年6月13日
修改时间: 2025年6月20日
A vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1 (Content Management System).CWE is classifying the issue as CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs.This is going to have an impact on integrity.Upgrading to version 4.2.22, 5.1.10 or 5.2.2 eliminates this vulnerability.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 5.4 |
| Attack Complexity | High | |
| Privileges Required | None | |
| Scope | Changed | |
| Integrity | Low | |
| User Interaction | None | |
| Availability | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2653 | python-django security update | 2025年6月20日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | python-django | Fixed |
| V6 | python-django | Fixed |
| KY3.5.3 | python-django | Fixed |
| KY3.5.2 | python-django | Fixed |
