Vulnerability Information
Vulnerability Title
django-unicorn affected by component state manipulation via unvalidated attribute access
Vulnerability Description
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Improper access control
Vulnerability Title
Unicorn security vulnerability
Vulnerability Description
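Unicorn is a validator open-sourced by the World Wide Web Consortium. It helps people improve the quality of web pages by performing various checks. Versions of Unicorn prior to 0.67.0 contain a security vulnerability that stems from missing access control checks during property updates and method calls, which may allow component state to be manipulated.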
CVSS Information
N/A
Vulnerability Type
N/A