FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: ffc73e87-87f0-11e9-ad56-fcaa147e860e
Description: Django -- AdminURLFieldWidget XSS

Django security releases issued:

The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Discovery: 2019-06-03
Entry: 2019-06-06

py27-django111, py35-django111, py36-django111, py37-django111: < 1.11.21
py35-django21, py36-django21, py37-django21: < 2.1.9
py35-django22, py36-django22, py37-django22: < 2.2.2

CVE-2019-12308
CVE-2019-11358
https://www.djangoproject.com/weblog/2019/jun/03/security-releases/