Telefonica Evolved5g FogusNetApp - EVOLVED-5G/FogusNetApp Wiki

Scan of repo: Telefonica/Evolved5g-FogusNetApp


Summary

| Severity | Number of vulnerabilities |
|----------|---------------------------|
| CRITICAL | 1 |
| HIGH | 4 |
| MEDIUM | 3 |

Vulnerabilities

| Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
|----------|----|-------|---------|------------------|--------------|
| CRITICAL | CVE-2021-35042 | django: potential SQL injection via unsanitized QuerySet.order_by() input | Django | 3.1.7 | 3.1.13, 3.2.5 |
| HIGH | CVE-2021-31542 | django: Potential directory-traversal via uploaded files | Django | 3.1.7 | 2.2.21, 3.1.9, 3.2.1 |
| HIGH | CVE-2021-33571 | django: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in | Django | 3.1.7 | 2.2.24, 3.1.12, 3.2.4 |
| HIGH | CVE-2021-44420 | django: potential bypass of an upstream access control based on URL paths | Django | 3.1.7 | 2.2.25, 3.1.14, 3.2.10 |
| HIGH | CVE-2021-32839 | python-sqlparse: ReDoS via regular expression in StripComments filter | sqlparse | 0.4.1 | 0.4.2 |
| MEDIUM | CVE-2021-28658 | django: potential directory-traversal via uploaded files | Django | 3.1.7 | 2.2.20, 3.0.14, 3.1.8 |
| MEDIUM | CVE-2021-32052 | django: header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+ | Django | 3.1.7 | 2.2.22, 3.1.10, 3.2.2 |
| MEDIUM | CVE-2021-33203 | django: Potential directory traversal via admindocs | Django | 3.1.7 | 2.2.24, 3.1.12, 3.2.4 |

Date: 2022-06-28