CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS percentile: 75.1%

A vulnerability in the QuerySet.explain() function of the Django web application software platform stems from a failure to protect the structure of the SQL query. Exploitation could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted dictionary.

A vulnerability in the QuerySet.annotate(), aggregate(), and extra() methods of the Django web application software platform stems from a failure to protect the structure of the SQL query. Exploitation could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted dictionary.

OS | OS version | Architecture | Package | Package version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | python3-django | < 3.2.13-1 | UNKNOWN |
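
An application-side guard for the pattern both descriptions refer to, a dictionary from outside the application expanded into `QuerySet.annotate()`, `aggregate()`, `extra()` or `explain()`. This is an added example, not code from Django or from this advisory; the allowlists, function names and sample inputs are hypothetical, and it runs without Django installed.

```python
import re

# Assumption of this example: aliases and option names are plain identifiers.
_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Hypothetical per-view allowlists; an application defines its own.
ALLOWED_ALIASES = frozenset({"total", "order_count"})
ALLOWED_EXPLAIN_OPTIONS = frozenset({"analyze", "verbose"})


class UntrustedKeyError(ValueError):
    """A dictionary received from outside the application was rejected."""


def checked_keys(untrusted, allowed, what):
    """Return a copy of `untrusted` once every key has been validated.

    Keys end up inside the SQL text as aliases or option names, so each
    key must be a plain identifier AND be on the caller's allowlist.
    """
    if not isinstance(untrusted, dict):
        raise UntrustedKeyError(f"{what}: expected a dictionary")
    clean = {}
    for key, value in untrusted.items():
        if not isinstance(key, str) or not _IDENTIFIER.fullmatch(key):
            raise UntrustedKeyError(f"{what}: {key!r} is not an identifier")
        if key not in allowed:
            raise UntrustedKeyError(f"{what}: {key!r} is not allowed")
        clean[key] = value
    return clean


def annotation_kwargs(request_data):
    """Validate alias names before queryset.annotate(**kwargs) is built."""
    return checked_keys(request_data, ALLOWED_ALIASES, "annotation alias")


def explain_options(request_data):
    """Validate options before queryset.explain(**options) is called."""
    options = checked_keys(request_data, ALLOWED_EXPLAIN_OPTIONS, "explain option")
    for name, value in options.items():
        # Only boolean switches are accepted in this example.
        if not isinstance(value, bool):
            raise UntrustedKeyError(f"explain option: {name!r} must be a boolean")
    return options
```

A guard like this narrows what reaches the ORM on hosts that are still waiting for the fixed package; it does not replace updating python3-django beyond the affected range in the table above.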