Django - HackerOne Reports
Total Reports: 4
Critical: 1
High: 1
Medium: 1
Low: 0

Email Spoofing Possible on djangoproject.com Email Domain
Reported by: greenwolf | Disclosed:
Severity: Medium
Weakness: Business Logic Errors

Deserialization of potentially malicious data to RCE
Reported by: scaramouche31 | Disclosed:
Severity: High
Weakness: Deserialization of Untrusted Data
CVEs: CVE-2021-33026

CSRF protection bypass on any Django powered site via Google Analytics
Reported by: bobrov | Disclosed:

Jenkins Unauthenticated RCE on https://djangoci.com/
Reported by: j3ssie | Disclosed:
Severity: Critical
Weakness: OS Command Injection