API that interacts with a database and manages serialization and deserialization using django rest framework
License: MIT License
API that interacts with a database and manages serialization and deserialization using django-rest-framework.
Clone the repository to your local machine:
git clone https://github.com/endormi/django-listAPI.gitCreate the database:
python manage.py migratepip install -r requirements.txtRunning the development server:
python manage.py runserverThe source code is released under the MIT License.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Vulnerable Library - Django-2.1.9.tar.gzA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/c1/b3/3cdc60dc2e3c11236539f9470e42c5075a2e9c9f4885f5b4b912e9f19992/Django-2.1.9.tar.gz
Path to dependency file: /django-listAPI/requirements.txt
Path to vulnerable library: teSource-ArchiveExtractor_5a3f190f-1585-4c16-bfbc-b282f1a6426f/20190817161910_13979/20190817161850_depth_0/1/Django-2.1.9.tar/Django-2.1.9
Dependency Hierarchy:
Found in HEAD commit: bb056cf76fd040cef53d70e4cc90393ace312cec
Vulnerability Details
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
Publish Date: 2019-07-01
URL: CVE-2019-12781
CVSS 3 Score Details (5.3)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - Django-2.1.9.tar.gzA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/c1/b3/3cdc60dc2e3c11236539f9470e42c5075a2e9c9f4885f5b4b912e9f19992/Django-2.1.9.tar.gz
Path to dependency file: /django-listAPI/requirements.txt
Path to vulnerable library: teSource-ArchiveExtractor_5a3f190f-1585-4c16-bfbc-b282f1a6426f/20190817161910_13979/20190817161850_depth_0/1/Django-2.1.9.tar/Django-2.1.9
Dependency Hierarchy:
Found in HEAD commit: bb056cf76fd040cef53d70e4cc90393ace312cec
Vulnerability Details
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
Publish Date: 2019-08-02
URL: CVE-2019-14232
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
Release Date: 2019-08-02
Fix Resolution: 1.11.23,2.1.11,2.2.4
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - Django-2.1.9.tar.gzA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/c1/b3/3cdc60dc2e3c11236539f9470e42c5075a2e9c9f4885f5b4b912e9f19992/Django-2.1.9.tar.gz
Path to dependency file: /django-listAPI/requirements.txt
Path to vulnerable library: teSource-ArchiveExtractor_5a3f190f-1585-4c16-bfbc-b282f1a6426f/20190817161910_13979/20190817161850_depth_0/1/Django-2.1.9.tar/Django-2.1.9
Dependency Hierarchy:
Found in HEAD commit: bb056cf76fd040cef53d70e4cc90393ace312cec
Vulnerability Details
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
Publish Date: 2019-08-02
URL: CVE-2019-14235
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
Release Date: 2019-08-02
Fix Resolution: 1.11.23,2.1.11,2.2.4
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - Django-2.1.9.tar.gzA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/c1/b3/3cdc60dc2e3c11236539f9470e42c5075a2e9c9f4885f5b4b912e9f19992/Django-2.1.9.tar.gz
Path to dependency file: /django-listAPI/requirements.txt
Path to vulnerable library: teSource-ArchiveExtractor_5a3f190f-1585-4c16-bfbc-b282f1a6426f/20190817161910_13979/20190817161850_depth_0/1/Django-2.1.9.tar/Django-2.1.9
Dependency Hierarchy:
Found in HEAD commit: bb056cf76fd040cef53d70e4cc90393ace312cec
Vulnerability Details
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
Publish Date: 2019-08-02
URL: CVE-2019-14233
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
Release Date: 2019-08-02
Fix Resolution: 1.11.23,2.1.11,2.2.4
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - Django-2.1.9.tar.gzA high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/c1/b3/3cdc60dc2e3c11236539f9470e42c5075a2e9c9f4885f5b4b912e9f19992/Django-2.1.9.tar.gz
Path to dependency file: /django-listAPI/requirements.txt
Path to vulnerable library: teSource-ArchiveExtractor_5a3f190f-1585-4c16-bfbc-b282f1a6426f/20190817161910_13979/20190817161850_depth_0/1/Django-2.1.9.tar/Django-2.1.9
Dependency Hierarchy:
Found in HEAD commit: bb056cf76fd040cef53d70e4cc90393ace312cec
Vulnerability Details
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
Publish Date: 2019-08-09
URL: CVE-2019-14234
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
Release Date: 2019-08-09
Fix Resolution: 2.2.4, 2.1.11, 1.11.23
Step up your Open Source Security Game with WhiteSource here
Defining API views and making http requests to the API
Vulnerable Library - httpie-1.0.2-py2.py3-none-any.whlHTTPie - a CLI, cURL-like tool for humans.
Library home page: https://files.pythonhosted.org/packages/d7/46/cfb014b9de6ac5cdd1fa06d85f411dd9506102c8b094906460b4a1710681/httpie-1.0.2-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-scm/django-listAPI/requirements.txt
Path to vulnerable library: /django-listAPI/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: a54bc83bc083139792abec7514cc772a77ced890
Vulnerability Details
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
Publish Date: 2019-08-23
URL: CVE-2019-10751
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/jakubroztocil/httpie/blob/master/CHANGELOG.rst
Release Date: 2019-08-23
Fix Resolution: 1.0.3-dev
Step up your Open Source Security Game with WhiteSource here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.