PT-2022-1456 · Django+6

Keryn Knight · Published 2022-02-01 · Updated 2026-01-03 · CVE-2022-22818

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Django versions 2.2 before 2.2.27
Django versions 3.2 before 3.2.12
Django versions 4.0 before 4.0.2
Description: The {% debug %} template tag in Django did not properly encode the current context: it dumped the context variables into the page as raw HTML, so any attacker-controlled value that reached the context of a template rendering {% debug %} (for example a query parameter a view copied into the context) was emitted unescaped. A remote attacker can use this to conduct a cross-site scripting attack against users of such a page.
Recommendations: For Django versions 2.2 before 2.2.27, update to version 2.2.27 or later. For Django versions 3.2 before 3.2.12, update to version 3.2.12 or later. For Django versions 4.0 before 4.0.2, update to version 4.0.2 or later. Until you can update, remove {% debug %} from your templates; the tag is intended for development only and has no place in a production template. In the fixed versions the tag escapes the context it prints and outputs nothing at all when the DEBUG setting is False.
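The behaviour described above, reproduced as an added example that is neither Django's own code nor part of this advisory: using only the standard library it mirrors the pre-fix rendering of {% debug %} (pformat of the context without escaping) beside the post-fix behaviour (escaping, gated on DEBUG), checks a version string against the affected ranges listed on this page, and flags {% debug %} in template source so a deployment can be audited before the upgrade lands. The context, payload and template are constructed for the example; is_vulnerable, render_debug_vulnerable, render_debug_fixed and find_debug_tags are helper names chosen here, not Django APIs.

```python
"""Standalone reproduction for CVE-2022-22818 (Django {% debug %} XSS).

Added example: not Django's code. It models the behaviour the advisory
describes with the standard library only, so it runs without Django.
"""
import html
import re
from pprint import pformat

# Fixed versions from the advisory, keyed by release series (major, minor).
FIXED = {(2, 2): (2, 2, 27), (3, 2): (3, 2, 12), (4, 0): (4, 0, 2)}


def parse_version(s):
    """'3.2.11' -> (3, 2, 11); trailing suffixes such as 'rc1' are ignored."""
    parts = []
    for piece in s.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version):
    """True/False for the series this advisory covers, None for any other series."""
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def render_debug_vulnerable(context):
    """Pre-fix behaviour: every context layer is pformat()ed into the page as-is."""
    return "\n".join(pformat(layer) for layer in context)


def render_debug_fixed(context, debug):
    """Post-fix behaviour: nothing unless DEBUG is on, and every layer HTML-escaped.

    html.escape stands in for Django's own escape(); both neutralise < > & and quotes.
    """
    if not debug:
        return ""
    return "\n".join(html.escape(pformat(layer)) for layer in context)


# Matches the tag regardless of whitespace inside the delimiters.
DEBUG_TAG = re.compile(r"{%\s*debug\s*%}")


def find_debug_tags(template_source):
    """Return the 1-based line numbers of a template that contain {% debug %}."""
    return [
        i for i, line in enumerate(template_source.splitlines(), 1)
        if DEBUG_TAG.search(line)
    ]


# Constructed sample: the second context layer carries attacker-controlled
# input, e.g. a search query a view copied straight into the context.
PAYLOAD = "<script>alert(document.cookie)</script>"
SAMPLE_CONTEXT = [{"user": "alice"}, {"q": PAYLOAD}]

# Constructed sample template with the tag left in a production page.
SAMPLE_TEMPLATE = """{% extends "base.html" %}
{% block content %}
  <h1>Search</h1>
  {% debug %}
{% endblock %}
"""

if __name__ == "__main__":
    for ver in ("2.2.26", "3.2.11", "3.2.12", "4.0.2", "4.1"):
        print(ver, "vulnerable:", is_vulnerable(ver))
    print("--- pre-fix output (payload lands in the page unescaped) ---")
    print(render_debug_vulnerable(SAMPLE_CONTEXT))
    print("--- post-fix output with DEBUG=True (escaped) ---")
    print(render_debug_fixed(SAMPLE_CONTEXT, debug=True))
    print("--- post-fix output with DEBUG=False ---")
    print(repr(render_debug_fixed(SAMPLE_CONTEXT, debug=False)))
    print("{% debug %} found on template lines:", find_debug_tags(SAMPLE_TEMPLATE))
```

Run it as a script to see the raw payload in the pre-fix output and the escaped entity form in the post-fix output; point find_debug_tags at your own template files (or grep for the same pattern) to locate every page that must lose the tag before the upgrade is rolled out.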

Weakness Enumeration: XSS

Related Identifiers

ALT-PU-2022-1344
ALT-PU-2022-1372
BDU:2022-00584
BIT-DJANGO-2022-22818
CVE-2022-22818
DLA-2906-1
DLA-3191-1
DSA-5254-1
GHSA-95RW-FX8R-36V6
MGASA-2022-0104
OESA-2022-1530
OESA-2022-2055
OPENSUSE-SU-2023:0005-1
OPENSUSE-SU-2024:11804-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2025:14662-1
OPENSUSE-SU-2026:10005-1
PYSEC-2022-19
RHSA-2022:5498
RHSA-2022:8506
RHSA-2022:8853
RHSA-2022:8872
RLSA-2022:5498
RLSA-2022:8506
SUSE-SU-2022:0285-1
SUSE-SU-2022:0286-1
USN-5269-1
USN-5269-2

Affected Products

ALT Linux
Astra Linux
Django
Linux Mint
RED OS
Rocky Linux
Ubuntu