What is the severity of CVE-2018-25045?

CVE-2018-25045 has a medium severity rating due to its potential for cross-site scripting (XSS) vulnerabilities.

How do I fix CVE-2018-25045?

To fix CVE-2018-25045, upgrade Django REST framework to version 3.9.1 or later.

What vulnerabilities does CVE-2018-25045 expose in applications?

CVE-2018-25045 exposes applications to XSS attacks due to the lack of autoescaping in the default DRF Browsable API view templates.

Who is affected by CVE-2018-25045?

Anyone using Django REST framework version prior to 3.9.1 is affected by CVE-2018-25045.

Can CVE-2018-25045 impact all versions of Django REST framework?

CVE-2018-25045 only impacts versions of Django REST framework before 3.9.1, earlier versions are vulnerable.

Vulnerability/
CVE-2018-25045

medium

6.1

CWE

23/7/2022

24/7/2022

5/8/2024

CVE-2018-25045: XSS

First published: Sat Jul 23 2022(Updated: )

Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
pip/django-rest-framework	<3.9.1	3.9.1
Django REST framework	<3.9.1

Remedy

https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-25045?
CVE-2018-25045 has a medium severity rating due to its potential for cross-site scripting (XSS) vulnerabilities.
How do I fix CVE-2018-25045?
To fix CVE-2018-25045, upgrade Django REST framework to version 3.9.1 or later.
What vulnerabilities does CVE-2018-25045 expose in applications?
CVE-2018-25045 exposes applications to XSS attacks due to the lack of autoescaping in the default DRF Browsable API view templates.
Who is affected by CVE-2018-25045?
Anyone using Django REST framework version prior to 3.9.1 is affected by CVE-2018-25045.
Can CVE-2018-25045 impact all versions of Django REST framework?
CVE-2018-25045 only impacts versions of Django REST framework before 3.9.1, earlier versions are vulnerable.

collector/github-advisory
alias/GHSA-xqcf-hj92-967m
alias/CVE-2018-25045
collector/github-advisory-latest
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/severity
agent/remedy
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/pip
vendor/django-rest-framework
canonical/django rest framework

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2018-25045?
CVE-2018-25045 has a medium severity rating due to its potential for cross-site scripting (XSS) vulnerabilities.
How do I fix CVE-2018-25045?
To fix CVE-2018-25045, upgrade Django REST framework to version 3.9.1 or later.
What vulnerabilities does CVE-2018-25045 expose in applications?
CVE-2018-25045 exposes applications to XSS attacks due to the lack of autoescaping in the default DRF Browsable API view templates.
Who is affected by CVE-2018-25045?
Anyone using Django REST framework version prior to 3.9.1 is affected by CVE-2018-25045.
Can CVE-2018-25045 impact all versions of Django REST framework?
CVE-2018-25045 only impacts versions of Django REST framework before 3.9.1, earlier versions are vulnerable.