PyPi: Djangorestframework

CVE-2024-21520

Safety vulnerability ID: 71849

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 26, 2024 Updated at Jan 05, 2025

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.

Affected package

djangorestframework

Latest version: 3.15.2

Web APIs for Django, made easy.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/encode/django-rest-framework/commit/3b41f0124194430da957b119712978fa2266b642
https://github.com/advisories/GHSA-gw84-84pc-xp82
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21520

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application