Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.
History
Sat, 28 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | | Redhat, Redhat ansible Automation Platform |
CPEs | | cpe:/a:redhat:ansible_automation_platform:2.4::el8, cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
Vendors & Products | | Redhat, Redhat ansible Automation Platform |
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-06-26T05:00:02.490Z
Updated: 2024-08-01T22:20:40.905Z
Reserved: 2023-12-22T12:33:20.120Z
Link: CVE-2024-21520
Vulnrichment
Updated: 2024-06-26T13:27:20.282Z
NVD
Status: Awaiting Analysis
Published: 2024-06-26T05:15:50.093
Modified: 2024-11-21T08:54:36.510
Link: CVE-2024-21520