CVE-2022-36359
Date: August 2, 2022
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application that sets the Content-Disposition header of a FileResponse from a filename derived from user-supplied input is vulnerable to a reflected file download (RFD) attack.
Language: Python
Severity Score
Weakness Type (CWE): CWE-494 Download of Code Without Integrity Check
Top Fix
Upgrade Version
Upgrade to version: django - 4.0.7; django - 3.2.15; sinatra - 3.0.4; sinatra - 2.2.3
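The description above says the problem is a Content-Disposition header built from a user-derived filename. The following is an added illustration, not Django's own code: it puts the unsafe interpolation beside a builder that follows the same idea as the upstream fix (escaping backslashes and double quotes inside the quoted filename, falling back to the RFC 5987 `filename*` form for non-ASCII names), plus a small quoted-string reader so you can see what a client would take as the filename in each case. The function names, the control-character check and the sample filename are my own constructions.

```python
from typing import Optional
from urllib.parse import quote

# A raw CR/LF would let a filename end the header and begin another one.
_FORBIDDEN = ("\r", "\n", "\0")


def vulnerable_content_disposition(as_attachment: bool, filename: str) -> str:
    """The unsafe pattern: the user-derived filename is interpolated verbatim."""
    disposition = "attachment" if as_attachment else "inline"
    return f'{disposition}; filename="{filename}"'


def safe_content_disposition(as_attachment: bool, filename: str) -> str:
    """Keep the filename inside its quoted-string: escape backslashes and double
    quotes, and emit non-ASCII names with the RFC 5987 filename* form instead."""
    if any(ch in filename for ch in _FORBIDDEN):
        raise ValueError("control characters are not allowed in a filename")
    disposition = "attachment" if as_attachment else "inline"
    try:
        filename.encode("ascii")
    except UnicodeEncodeError:
        file_expr = f"filename*=utf-8''{quote(filename)}"
    else:
        escaped = filename.replace("\\", "\\\\").replace('"', '\\"')
        file_expr = f'filename="{escaped}"'
    return f"{disposition}; {file_expr}"


def filename_param(header: str) -> Optional[str]:
    """Minimal quoted-string reader for the filename= parameter, used to show
    what a client would take as the name; None when no quoted filename exists."""
    marker = 'filename="'
    start = header.find(marker)
    if start == -1:
        return None
    out, esc = [], False
    for ch in header[start + len(marker):]:
        if esc:
            out.append(ch)
            esc = False
        elif ch == "\\":
            esc = True            # quoted-pair: next character is literal
        elif ch == '"':
            break                 # closing quote ends the value
        else:
            out.append(ch)
    return "".join(out)
```

With the constructed name `report".bat`, the vulnerable builder lets the embedded quote end the filename early, while the safe builder keeps the whole name inside the quoted-string.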
CVSS v3.1

| Metric | Value |
|---|---|
| Base Score | |
| Attack Vector (AV) | NETWORK |
| Attack Complexity (AC) | LOW |
| Privileges Required (PR) | NONE |
| User Interaction (UI) | REQUIRED |
| Scope (S) | UNCHANGED |
| Confidentiality (C) | HIGH |
| Integrity (I) | HIGH |
| Availability (A) | HIGH |