CVE-2022-22818

Published: 1 February 2022

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package: python-django (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Released (1:1.11.11-1ubuntu1.16)
focal: Released (2:2.2.12-1ubuntu0.10)
impish: Released (2:2.2.24-1ubuntu1.3)
jammy: Released (2:3.2.12-1)
trusty: Released (1.6.11-0ubuntu1.3+esm4)
upstream: Released (2.2.27,3.2.12)
xenial: Released (1.8.7-1ubuntu5.15+esm4)