Source: djangorestframework Version: 3.11.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for djangorestframework. CVE-2020-25626[0]: | A flaw was found in Django REST Framework versions before 3.12.0 and | before 3.11.2. When using the browseable API viewer, Django REST | Framework fails to properly escape certain strings that can come from | user input. This allows a user who can control those strings to inject | malicious <script> tags, leading to a cross-site-scripting (XSS) | vulnerability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-25626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25626 [1] https://github.com/encode/django-rest-framework/commit/4121b01b912668c049b26194a9a107c27a332429 Please adjust the affected versions in the BTS as needed. Regards, Salvatore _______________________________________________ Python-modules-team mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
