[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-36359":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":297,"aliases":298,"duplicate_of":9,"upstream":302,"downstream":303,"duplicates":326,"related":327,"reserved_at":9,"published_at":337,"modified_at":338,"state":339,"summary":340,"references_raw":349,"kevs":442,"epss":443,"epss_history":446,"metrics":712,"affected":720},"CVE-2022-36359","An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-494","Download of Code Without Integrity Check","The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.","weakness","Draft","Base","Medium",[20,24,28,59,134,138,156,197,245,273,277,281],{"id":21,"name":22,"techniques":23},"CAPEC-184","Software Integrity Attack",[],{"id":25,"name":26,"techniques":27},"CAPEC-185","Malicious Software Download",[],{"id":29,"name":30,"techniques":31},"CAPEC-186","Malicious Software Update",[32],{"id":33,"name":34,"tactics":35,"countermeasures":39},"T1195.002","Compromise Software Supply Chain",[36],{"id":37,"name":38},"TA0108","Initial Access",[40,45,49,54],{"id":41,"name":42,"tactic":43},"D3-SWI","Software Inventory",{"name":44},"Model",{"id":46,"name":47,"tactic":48},"D3-AVE","Asset Vulnerability Enumeration",{"name":44},{"id":50,"name":51,"tactic":52},"D3-SU","Software Update",{"name":53},"Harden",{"id":55,"name":56,"tactic":57},"D3-RS","Restore Software",{"name":58},"Restore",{"id":60,"name":61,"techniques":62},"CAPEC-187","Malicious Automated Software Update via Redirection",[63],{"id":64,"name":65,"tactics":66,"countermeasures":73},"T1072","Software Deployment Tools",[67,70],{"id":68,"name":69},"TA0104","Execution",{"id":71,"name":72},"TA0109","Lateral Movement",[74,76,78,83,87,91,96,101,103,107,109,113,118,122,126,130],{"id":41,"name":42,"tactic":75},{"name":44},{"id":46,"name":47,"tactic":77},{"name":44},{"id":79,"name":80,"tactic":81},"D3-SBV","Service Binary Verification",{"name":82},"Detect",{"id":84,"name":85,"tactic":86},"D3-FA","File Analysis",{"name":82},{"id":88,"name":89,"tactic":90},"D3-FIM","File Integrity Monitoring",{"name":82},{"id":92,"name":93,"tactic":94},"D3-FEV","File Eviction",{"name":95},"Evict",{"id":97,"name":98,"tactic":99},"D3-DF","Decoy File",{"name":100},"Deceive",{"id":50,"name":51,"tactic":102},{"name":53},{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":53},{"id":55,"name":56,"tactic":108},{"name":58},{"id":110,"name":111,"tactic":112},"D3-RF","Restore File",{"name":58},{"id":114,"name":115,"tactic":116},"D3-CF","Content Filtering",{"name":117},"Isolate",{"id":119,"name":120,"tactic":121},"D3-LFP","Local File Permissions",{"name":117},{"id":123,"name":124,"tactic":125},"D3-RFAM","Remote File Access Mediation",{"name":117},{"id":127,"name":128,"tactic":129},"D3-CQ","Content Quarantine",{"name":117},{"id":131,"name":132,"tactic":133},"D3-CM","Content Modification",{"name":117},{"id":135,"name":136,"techniques":137},"CAPEC-533","Malicious Manual Software Update",[],{"id":139,"name":140,"techniques":141},"CAPEC-538","Open-Source Library Manipulation",[142],{"id":143,"name":144,"tactics":145,"countermeasures":147},"T1195.001","Compromise Software Dependencies and Development Tools",[146],{"id":37,"name":38},[148,150,152,154],{"id":41,"name":42,"tactic":149},{"name":44},{"id":46,"name":47,"tactic":151},{"name":44},{"id":50,"name":51,"tactic":153},{"name":53},{"id":55,"name":56,"tactic":155},{"name":58},{"id":157,"name":158,"techniques":159},"CAPEC-657","Malicious Automated Software Update via Spoofing",[160],{"id":64,"name":65,"tactics":161,"countermeasures":164},[162,163],{"id":68,"name":69},{"id":71,"name":72},[165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195],{"id":41,"name":42,"tactic":166},{"name":44},{"id":46,"name":47,"tactic":168},{"name":44},{"id":79,"name":80,"tactic":170},{"name":82},{"id":84,"name":85,"tactic":172},{"name":82},{"id":88,"name":89,"tactic":174},{"name":82},{"id":92,"name":93,"tactic":176},{"name":95},{"id":97,"name":98,"tactic":178},{"name":100},{"id":50,"name":51,"tactic":180},{"name":53},{"id":104,"name":105,"tactic":182},{"name":53},{"id":55,"name":56,"tactic":184},{"name":58},{"id":110,"name":111,"tactic":186},{"name":58},{"id":114,"name":115,"tactic":188},{"name":117},{"id":119,"name":120,"tactic":190},{"name":117},{"id":123,"name":124,"tactic":192},{"name":117},{"id":127,"name":128,"tactic":194},{"name":117},{"id":131,"name":132,"tactic":196},{"name":117},{"id":198,"name":199,"techniques":200},"CAPEC-662","Adversary in the Browser (AiTB)",[201],{"id":202,"name":203,"tactics":204,"countermeasures":208},"T1185","Browser Session Hijacking",[205],{"id":206,"name":207},"TA0100","Collection",[209,213,217,221,225,229,233,237,241],{"id":210,"name":211,"tactic":212},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":82},{"id":214,"name":215,"tactic":216},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":82},{"id":218,"name":219,"tactic":220},"D3-CSPP","Client-server Payload Profiling",{"name":82},{"id":222,"name":223,"tactic":224},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":82},{"id":226,"name":227,"tactic":228},"D3-NTSA","Network Traffic Signature Analysis",{"name":82},{"id":230,"name":231,"tactic":232},"D3-APCA","Application Protocol Command Analysis",{"name":82},{"id":234,"name":235,"tactic":236},"D3-NTCD","Network Traffic Community Deviation",{"name":82},{"id":238,"name":239,"tactic":240},"D3-RTSD","Remote Terminal Session Detection",{"name":82},{"id":242,"name":243,"tactic":244},"D3-NTF","Network Traffic Filtering",{"name":117},{"id":246,"name":247,"techniques":248},"CAPEC-691","Spoof Open-Source Software Metadata",[249,261],{"id":143,"name":144,"tactics":250,"countermeasures":252},[251],{"id":37,"name":38},[253,255,257,259],{"id":41,"name":42,"tactic":254},{"name":44},{"id":46,"name":47,"tactic":256},{"name":44},{"id":50,"name":51,"tactic":258},{"name":53},{"id":55,"name":56,"tactic":260},{"name":58},{"id":33,"name":34,"tactics":262,"countermeasures":264},[263],{"id":37,"name":38},[265,267,269,271],{"id":41,"name":42,"tactic":266},{"name":44},{"id":46,"name":47,"tactic":268},{"name":44},{"id":50,"name":51,"tactic":270},{"name":53},{"id":55,"name":56,"tactic":272},{"name":58},{"id":274,"name":275,"techniques":276},"CAPEC-692","Spoof Version Control System Commit Metadata",[],{"id":278,"name":279,"techniques":280},"CAPEC-693","StarJacking",[],{"id":282,"name":283,"techniques":284},"CAPEC-695","Repo Jacking",[285],{"id":143,"name":144,"tactics":286,"countermeasures":288},[287],{"id":37,"name":38},[289,291,293,295],{"id":41,"name":42,"tactic":290},{"name":44},{"id":46,"name":47,"tactic":292},{"name":44},{"id":50,"name":51,"tactic":294},{"name":53},{"id":55,"name":56,"tactic":296},{"name":58},[],[299,300,301],"GHSA-8x94-hmjh-97hq","BIT-django-2022-36359","PYSEC-2022-245",[],[304,306,308,310,312,314,316,318,320,322,324],{"_key":305},"OPENSUSE-SU-2022:10103-1",{"_key":307},"UBUNTU-CVE-2022-36359",{"_key":309},"USN-5549-1",{"_key":311},"OPENSUSE-SU-2023:0005-1",{"_key":313},"OPENSUSE-SU-2024:12236-1",{"_key":315},"OPENSUSE-SU-2024:14208-1",{"_key":317},"OPENSUSE-SU-2025:14662-1",{"_key":319},"DSA-5254-1",{"_key":321},"OPENSUSE-SU-2026:10005-1",{"_key":323},"MGASA-2022-0281",{"_key":325},"DEBIAN-CVE-2022-36359",[],[328,329,331,332,333,334,335,336],{"_key":305},{"_key":330},"CVE-2022-45442",{"_key":311},{"_key":313},{"_key":315},{"_key":317},{"_key":321},{"_key":323},"2022-08-03T00:00:00.000Z","2025-02-13T16:32:48.215Z","Modified",{"cisa_kev":341,"cisa_ransomware":341,"cisa_vendor":9,"epss_severity":342,"epss_score":343,"severity":344,"severity_score":345,"severity_version":346,"severity_source":347,"severity_vector":348,"severity_status":339},false,"low",0.0113,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[350,360,366,371,376,380,384,388,392,397,401,405,409,413,418,422,426,430,434,438],{"url":351,"sources":352,"tags":355},"https://docs.djangoproject.com/en/4.0/releases/security/",[353,347,354],"cve.org","osv_pypi",[356,357,358,359],"Not Applicable","Patch","Vendor Advisory","WEB",{"url":361,"sources":362,"tags":363},"http://www.openwall.com/lists/oss-security/2022/08/03/1",[353,347,354],[364,357,365,359],"Mailing List","Third Party Advisory",{"url":367,"sources":368,"tags":369},"https://groups.google.com/g/django-announce/c/8cz--gvaJr4",[353,347,354],[370,365,359],"Release Notes",{"url":372,"sources":373,"tags":374},"https://www.djangoproject.com/weblog/2022/aug/03/security-releases/",[353,347,354],[357,358,375],"ARTICLE",{"url":377,"sources":378,"tags":379},"https://security.netapp.com/advisory/ntap-20220915-0008/",[353,347],[365],{"url":381,"sources":382,"tags":383},"https://www.debian.org/security/2022/dsa-5254",[353,347,354],[358,365,359],{"url":385,"sources":386,"tags":387},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/",[353,347],[358],{"url":389,"sources":390,"tags":391},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/",[353,347],[358],{"url":393,"sources":394,"tags":395},"https://nvd.nist.gov/vuln/detail/CVE-2022-36359",[354],[396],"Advisory",{"url":398,"sources":399,"tags":400},"https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80",[354],[359],{"url":402,"sources":403,"tags":404},"https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3",[354],[359],{"url":406,"sources":407,"tags":408},"https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173",[354],[359],{"url":410,"sources":411,"tags":412},"https://docs.djangoproject.com/en/4.0/releases/security",[354],[359],{"url":414,"sources":415,"tags":416},"https://github.com/django/django",[354],[417],"PACKAGE",{"url":419,"sources":420,"tags":421},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml",[354],[359],{"url":423,"sources":424,"tags":425},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK",[354],[359],{"url":427,"sources":428,"tags":429},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI",[354],[359],{"url":431,"sources":432,"tags":433},"https://security.netapp.com/advisory/ntap-20220915-0008",[354],[359],{"url":435,"sources":436,"tags":437},"https://www.djangoproject.com/weblog/2022/aug/03/security-releases",[354],[359],{"url":439,"sources":440,"tags":441},"https://github.com/advisories/GHSA-8x94-hmjh-97hq",[354],[396],[],{"date":444,"score":343,"percentile":445},"2026-06-04",0.78658,[447,451,454,457,460,463,466,469,472,474,477,480,483,486,489,493,496,499,502,505,508,511,514,516,519,522,524,526,529,532,535,537,540,542,545,547,550,553,556,559,562,565,567,569,572,575,578,581,584,587,591,594,597,600,604,607,610,613,616,619,622,625,627,631,634,637,640,643,646,649,652,655,658,661,664,667,671,674,677,680,683,686,689,692,695,698,701,703,706,709],{"date":448,"score":449,"percentile":450},"2025-11-04",0.00565,0.67545,{"date":452,"score":449,"percentile":453},"2025-11-05",0.67527,{"date":455,"score":449,"percentile":456},"2025-11-06",0.67529,{"date":458,"score":449,"percentile":459},"2025-11-07",0.67541,{"date":461,"score":449,"percentile":462},"2025-11-08",0.6754,{"date":464,"score":449,"percentile":465},"2025-11-09",0.67531,{"date":467,"score":449,"percentile":468},"2025-11-10",0.67521,{"date":470,"score":449,"percentile":471},"2025-11-11",0.67525,{"date":473,"score":449,"percentile":450},"2025-11-12",{"date":475,"score":449,"percentile":476},"2025-11-13",0.67555,{"date":478,"score":449,"percentile":479},"2025-11-14",0.67562,{"date":481,"score":449,"percentile":482},"2025-11-15",0.67559,{"date":484,"score":449,"percentile":485},"2025-11-16",0.67553,{"date":487,"score":449,"percentile":488},"2025-11-17",0.67548,{"date":490,"score":491,"percentile":492},"2025-11-18",0.01132,0.76498,{"date":494,"score":491,"percentile":495},"2025-11-19",0.76504,{"date":497,"score":491,"percentile":498},"2025-11-20",0.76515,{"date":500,"score":449,"percentile":501},"2025-11-21",0.67565,{"date":503,"score":449,"percentile":504},"2025-11-22",0.67568,{"date":506,"score":449,"percentile":507},"2025-11-23",0.67558,{"date":509,"score":449,"percentile":510},"2025-11-24",0.67546,{"date":512,"score":449,"percentile":513},"2025-11-25",0.67554,{"date":515,"score":449,"percentile":479},"2025-11-26",{"date":517,"score":449,"percentile":518},"2025-11-27",0.67564,{"date":520,"score":449,"percentile":521},"2025-11-28",0.67549,{"date":523,"score":449,"percentile":465},"2025-11-29",{"date":525,"score":449,"percentile":456},"2025-11-30",{"date":527,"score":449,"percentile":528},"2025-12-01",0.67685,{"date":530,"score":449,"percentile":531},"2025-12-02",0.67692,{"date":533,"score":449,"percentile":534},"2025-12-03",0.6769,{"date":536,"score":449,"percentile":468},"2025-12-04",{"date":538,"score":449,"percentile":539},"2025-12-05",0.67535,{"date":541,"score":449,"percentile":462},"2025-12-06",{"date":543,"score":449,"percentile":544},"2025-12-07",0.67536,{"date":546,"score":449,"percentile":462},"2025-12-08",{"date":548,"score":449,"percentile":549},"2025-12-09",0.67572,{"date":551,"score":449,"percentile":552},"2025-12-10",0.67618,{"date":554,"score":449,"percentile":555},"2025-12-11",0.67637,{"date":557,"score":449,"percentile":558},"2025-12-12",0.67663,{"date":560,"score":449,"percentile":561},"2025-12-13",0.67671,{"date":563,"score":449,"percentile":564},"2025-12-14",0.67674,{"date":566,"score":449,"percentile":561},"2025-12-15",{"date":568,"score":449,"percentile":564},"2025-12-16",{"date":570,"score":449,"percentile":571},"2025-12-17",0.67686,{"date":573,"score":449,"percentile":574},"2025-12-18",0.67722,{"date":576,"score":449,"percentile":577},"2025-12-19",0.67741,{"date":579,"score":449,"percentile":580},"2025-12-20",0.6774,{"date":582,"score":449,"percentile":583},"2025-12-21",0.67726,{"date":585,"score":449,"percentile":586},"2025-12-22",0.67727,{"date":588,"score":589,"percentile":590},"2025-12-23",0.00595,0.68622,{"date":592,"score":589,"percentile":593},"2025-12-24",0.6863,{"date":595,"score":589,"percentile":596},"2025-12-25",0.6866,{"date":598,"score":589,"percentile":599},"2025-12-26",0.68661,{"date":601,"score":602,"percentile":603},"2025-12-27",0.00501,0.65357,{"date":605,"score":589,"percentile":606},"2025-12-28",0.68633,{"date":608,"score":589,"percentile":609},"2025-12-29",0.68625,{"date":611,"score":589,"percentile":612},"2025-12-30",0.68639,{"date":614,"score":589,"percentile":615},"2025-12-31",0.68655,{"date":617,"score":589,"percentile":618},"2026-01-01",0.6883,{"date":620,"score":589,"percentile":621},"2026-01-02",0.68819,{"date":623,"score":589,"percentile":624},"2026-01-03",0.6882,{"date":626,"score":589,"percentile":596},"2026-01-04",{"date":628,"score":629,"percentile":630},"2026-01-05",0.00582,0.6826,{"date":632,"score":629,"percentile":633},"2026-01-06",0.68271,{"date":635,"score":629,"percentile":636},"2026-01-07",0.68289,{"date":638,"score":629,"percentile":639},"2026-01-08",0.68305,{"date":641,"score":629,"percentile":642},"2026-01-09",0.68313,{"date":644,"score":629,"percentile":645},"2026-01-10",0.68315,{"date":647,"score":629,"percentile":648},"2026-01-11",0.68308,{"date":650,"score":629,"percentile":651},"2026-01-12",0.68298,{"date":653,"score":629,"percentile":654},"2026-01-13",0.68295,{"date":656,"score":629,"percentile":657},"2026-01-14",0.68329,{"date":659,"score":629,"percentile":660},"2026-01-15",0.68335,{"date":662,"score":629,"percentile":663},"2026-01-16",0.68351,{"date":665,"score":629,"percentile":666},"2026-01-17",0.68343,{"date":668,"score":669,"percentile":670},"2026-01-18",0.00598,0.68797,{"date":672,"score":669,"percentile":673},"2026-01-19",0.68787,{"date":675,"score":669,"percentile":676},"2026-01-20",0.68796,{"date":678,"score":669,"percentile":679},"2026-01-21",0.68805,{"date":681,"score":669,"percentile":682},"2026-01-22",0.68815,{"date":684,"score":669,"percentile":685},"2026-01-23",0.68843,{"date":687,"score":669,"percentile":688},"2026-01-24",0.68854,{"date":690,"score":669,"percentile":691},"2026-01-25",0.68824,{"date":693,"score":629,"percentile":694},"2026-01-26",0.68354,{"date":696,"score":629,"percentile":697},"2026-01-27",0.68358,{"date":699,"score":629,"percentile":700},"2026-01-28",0.6837,{"date":702,"score":629,"percentile":700},"2026-01-29",{"date":704,"score":629,"percentile":705},"2026-01-30",0.68375,{"date":707,"score":629,"percentile":708},"2026-01-31",0.6838,{"date":710,"score":629,"percentile":711},"2026-02-01",0.68529,[713,718],{"source":347,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":714,"cvss_v4_0":9},{"baseScore":345,"baseSeverity":715,"vectorString":348,"impactScore":716,"exploitabilityScore":717},"HIGH",9.8,7.2,{"source":354,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":719,"cvss_v4_0":9},{"baseScore":345,"baseSeverity":9,"vectorString":348,"impactScore":716,"exploitabilityScore":717},[721,730,747],{"ecosystem":9,"name":722,"vendor":723,"product":724,"cpe_part":725,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":726},"debian linux","debian","debian_linux","o",[727],{"version":728,"is_range":341,"range_type":729,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0","cpe",{"ecosystem":9,"name":731,"vendor":732,"product":733,"cpe_part":734,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":735},"Django","djangoproject","django","a",[736,743],{"version":737,"is_range":738,"range_type":729,"version_start":739,"version_start_type":740,"version_end":741,"version_end_type":742,"fixed_in":9},"gte3.2_lt3.2.15",true,"3.2","including","3.2.15","excluding",{"version":744,"is_range":738,"range_type":729,"version_start":745,"version_start_type":740,"version_end":746,"version_end_type":742,"fixed_in":9},"gte4.0_lt4.0.7","4.0","4.0.7",{"ecosystem":748,"name":733,"vendor":748,"product":733,"cpe_part":9,"purl_type":749,"purl_namespace":9,"purl_name":733,"source":9,"versions":750},"PyPI","pypi",[751,754],{"version":752,"is_range":738,"range_type":753,"version_start":9,"version_start_type":9,"version_end":741,"version_end_type":742,"fixed_in":9},"lt3_2_15","ecosystem",{"version":755,"is_range":738,"range_type":753,"version_start":745,"version_start_type":740,"version_end":746,"version_end_type":742,"fixed_in":9},"gte4_0_lt4_0_7"]