CVE-2020-13596

Priority
Description
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
Query parameters generated by the Django admin ForeignKeyRawIdWidget were
not properly URL encoded, leading to a possibility of an XSS attack.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (2.2.13,3.0.7)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (1.6.11-0ubuntu1.3+esm1)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.8.7-1ubuntu5.13)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:1.11.11-1ubuntu1.9)
Ubuntu 19.10 (Eoan Ermine): released (1:1.11.22-1ubuntu1.4)
Ubuntu 20.04 LTS (Focal Fossa): released (2:2.2.12-1ubuntu0.1)
Ubuntu 20.10 (Groovy Gorilla): released (2:2.2.12-1ubuntu1)
More Information

Updated: 2020-06-15 12:15:23 UTC (commit 977ade4491845d639608a216aae2b9d359c46b9b)