liangliangyy DjangoBlog File Upload Endpoint settings.py hard-coded key

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRET_KEY results in use of hard-coded cryptographic key . Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

使用硬编码的密码学密钥

DjangoBlog 安全漏洞

DjangoBlog是liangliangyy个人开发者的基于Django的博客系统。 DjangoBlog 2.1.0.0及之前版本存在安全漏洞，该漏洞源于对文件djangoblog/settings.py中参数SECRET_KEY的错误操作，可能导致使用硬编码密钥。

N/A

N/A