Identifier

CVE-2020-25626

Package Slug

pypi/djangorestframework

Vulnerability

Cross-site Scripting

Description

A flaw was found in Django REST Framework. When using the browsable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site scripting (XSS) vulnerability.

Affected Versions

All versions before 3.12.0

Solution

Upgrade to version 3.12.0 or above.

Last Modified

2020-10-08
