Cross-Site Scripting Vulnerability in Unicorn Framework for Django
CVE-2021-42134

6.1MEDIUM

Key Information:

Vendor: Django-unicorn
Status: Unicorn
Vendor: CVE Published:; 11 October 2021

What is CVE-2021-42134?

The Unicorn framework for Django, before version 0.36.1, is vulnerable to Cross-Site Scripting (XSS) attacks via a specific component. This vulnerability arises due to an incomplete patch from a prior vulnerability addressed in CVE-2021-42053. Attackers can exploit this weakness, allowing them to inject malicious scripts that can be executed in the context of a user's browser. Users of affected versions should upgrade to the latest release to mitigate potential risks.

References

https://github.com/adamghill/django-unicorn/commit/3a832a...

x_refsource_MISC

https://github.com/adamghill/django-unicorn/compare/0.36....

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2021
Vulnerability Reserved
Oct 11, 2021

Django-unicorn

What is CVE-2021-42134?

References

CVSS V3.1

Timeline