Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.
History

Sat, 28 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat ansible Automation Platform
CPEs cpe:/a:redhat:ansible_automation_platform:2.4::el8
cpe:/a:redhat:ansible_automation_platform:2.4::el9
Vendors & Products Redhat
Redhat ansible Automation Platform

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-06-26T05:00:02.490Z

Updated: 2024-08-01T22:20:40.905Z

Reserved: 2023-12-22T12:33:20.120Z

Link: CVE-2024-21520

cve-icon Vulnrichment

Updated: 2024-06-26T13:27:20.282Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-26T05:15:50.093

Modified: 2024-11-21T08:54:36.510

Link: CVE-2024-21520

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-26T00:00:00Z

Links: CVE-2024-21520 - Bugzilla