VDB
BIT-django-2022-22818
BIT-django-2022-22818
PUBLISHED
CVSS 6.099999904632568 MEDIUM
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
Risk Scores
CVSS v3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 2.2.0, 3.2.0, 4.0.0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch
References
- https://docs.djangoproject.com/en/4.0/releases/security/ url
- https://groups.google.com/forum/#%21forum/django-announce url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ url
- https://security.netapp.com/advisory/ntap-20220221-0003/ url
- https://www.debian.org/security/2022/dsa-5254 url
- https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ url
- https://nvd.nist.gov/vuln/detail/CVE-2022-22818 url