FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
These are the vulnerabilities relating to the commit you have selected:
|002432c8-ef6a-11ea-ba8f-08002728f74c||Django -- multiple vulnerabilities|
Django Release notes:
CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied
to intermediate-level directories created in the process of uploading
files and to intermediate-level collected static directories when using
the collectstatic management command.
CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
On Python 3.7+, the intermediate-level directories of the file system
cache had the system's standard umask rather than 0o077 (no group or
|597d02ce-a66c-11ea-af32-080027846a02||Django -- multiple vulnerabilities|
Django security release reports:
CVE-2020-13254: Potential data leakage via malformed memcached keys
In cases where a memcached backend does not perform key validation, passing
malformed cache keys could result in a key collision, and potential data leakage.
In order to avoid this vulnerability, key validation is added to the memcached
CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget
Query parameters for the admin ForeignKeyRawIdWidget were not properly URL
encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query
parameters are correctly URL encoded.