FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Django -- multiple vulnerabilities

Affected packages
py36-django22 < 2.2.13
py37-django22 < 2.2.13
py38-django22 < 2.2.13
py36-django30 < 3.0.7
py37-django30 < 3.0.7
py38-django30 < 3.0.7


VuXML ID 597d02ce-a66c-11ea-af32-080027846a02
Discovery 2020-06-01
Entry 2020-06-04

Django security release reports:

CVE-2020-13254: Potential data leakage via malformed memcached keys

In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.

CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget

Query parameters for the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query parameters are correctly URL encoded.


CVE Name CVE-2020-13254
CVE Name CVE-2020-13596