[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-48432":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":205,"aliases":206,"duplicate_of":9,"upstream":210,"downstream":211,"duplicates":238,"related":239,"reserved_at":9,"published_at":250,"modified_at":251,"state":252,"summary":253,"references_raw":262,"kevs":329,"epss":330,"epss_history":333,"metrics":607,"affected":620},"CVE-2025-48432","An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-117","Improper Output Neutralization for Logs","The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.","weakness","Draft","Base","Medium",[20,197,201],{"id":21,"name":22,"techniques":23},"CAPEC-268","Audit Log Manipulation",[24,105,129,186],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1070","Indicator Removal",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0005","Stealth",[35,40,44,48,52,56,61,66,70,75,80,85,89,93,97,101],{"id":36,"name":37,"tactic":38},"D3-AEM","Application Exception Monitoring",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-OPM","Operational Process Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-SFA","System File Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-FA","File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":57,"name":58,"tactic":59},"D3-FEV","File Eviction",{"name":60},"Evict",{"id":62,"name":63,"tactic":64},"D3-DNR","Decoy Network Resource",{"name":65},"Deceive",{"id":67,"name":68,"tactic":69},"D3-DF","Decoy File",{"name":65},{"id":71,"name":72,"tactic":73},"D3-FE","File Encryption",{"name":74},"Harden",{"id":76,"name":77,"tactic":78},"D3-RF","Restore File",{"name":79},"Restore",{"id":81,"name":82,"tactic":83},"D3-NRAM","Network Resource Access Mediation",{"name":84},"Isolate",{"id":86,"name":87,"tactic":88},"D3-CF","Content Filtering",{"name":84},{"id":90,"name":91,"tactic":92},"D3-LFP","Local File Permissions",{"name":84},{"id":94,"name":95,"tactic":96},"D3-RFAM","Remote File Access Mediation",{"name":84},{"id":98,"name":99,"tactic":100},"D3-CQ","Content Quarantine",{"name":84},{"id":102,"name":103,"tactic":104},"D3-CM","Content Modification",{"name":84},{"id":106,"name":107,"tactics":108,"countermeasures":111},"T1562.002","Disable Windows Event Logging",[109,110],{"id":29,"name":30},{"id":32,"name":33},[112,117,121,125],{"id":113,"name":114,"tactic":115},"D3-CI","Configuration Inventory",{"name":116},"Model",{"id":118,"name":119,"tactic":120},"D3-DRA","Disable Remote Access",{"name":74},{"id":122,"name":123,"tactic":124},"D3-ACH","Application Configuration Hardening",{"name":74},{"id":126,"name":127,"tactic":128},"D3-RC","Restore Configuration",{"name":79},{"id":130,"name":131,"tactics":132,"countermeasures":135},"T1562.003","Impair Command History Logging",[133,134],{"id":29,"name":30},{"id":32,"name":33},[136,138,140,142,146,150,152,156,158,160,162,164,166,168,170,172,174,176,178,182],{"id":113,"name":114,"tactic":137},{"name":116},{"id":49,"name":50,"tactic":139},{"name":39},{"id":53,"name":54,"tactic":141},{"name":39},{"id":143,"name":144,"tactic":145},"D3-DA","Dynamic Analysis",{"name":39},{"id":147,"name":148,"tactic":149},"D3-EFA","Emulated File Analysis",{"name":39},{"id":57,"name":58,"tactic":151},{"name":60},{"id":153,"name":154,"tactic":155},"D3-RKD","Registry Key Deletion",{"name":60},{"id":67,"name":68,"tactic":157},{"name":65},{"id":118,"name":119,"tactic":159},{"name":74},{"id":122,"name":123,"tactic":161},{"name":74},{"id":71,"name":72,"tactic":163},{"name":74},{"id":126,"name":127,"tactic":165},{"name":79},{"id":76,"name":77,"tactic":167},{"name":79},{"id":98,"name":99,"tactic":169},{"name":84},{"id":86,"name":87,"tactic":171},{"name":84},{"id":90,"name":91,"tactic":173},{"name":84},{"id":94,"name":95,"tactic":175},{"name":84},{"id":102,"name":103,"tactic":177},{"name":84},{"id":179,"name":180,"tactic":181},"D3-EAL","Executable Allowlisting",{"name":84},{"id":183,"name":184,"tactic":185},"D3-EDL","Executable Denylisting",{"name":84},{"id":187,"name":188,"tactics":189,"countermeasures":192},"T1562.008","Disable or Modify Cloud Logs",[190,191],{"id":29,"name":30},{"id":32,"name":33},[193,195],{"id":113,"name":114,"tactic":194},{"name":116},{"id":126,"name":127,"tactic":196},{"name":79},{"id":198,"name":199,"techniques":200},"CAPEC-81","Web Server Logs Tampering",[],{"id":202,"name":203,"techniques":204},"CAPEC-93","Log Injection-Tampering-Forging",[],[],[207,208,209],"GHSA-7xr5-9hcq-chf9","BIT-django-2025-48432","PYSEC-2025-47",[],[212,214,216,218,220,222,224,226,228,230,232,234,236],{"_key":213},"SUSE-SU-2025:01952-1",{"_key":215},"SUSE-SU-2025:02248-1",{"_key":217},"DSA-6136-1",{"_key":219},"DLA-4210-1",{"_key":221},"RHSA-2025:16487",{"_key":223},"OPENSUSE-SU-2025:15267-1",{"_key":225},"OPENSUSE-SU-2025:15268-1",{"_key":227},"OPENSUSE-SU-2026:10005-1",{"_key":229},"UBUNTU-CVE-2025-48432",{"_key":231},"MGASA-2025-0193",{"_key":233},"USN-7555-1",{"_key":235},"DEBIAN-CVE-2025-48432",{"_key":237},"RHSA-2025:14686",[],[240,241,242,243,244,245,246,248],{"_key":213},{"_key":215},{"_key":223},{"_key":225},{"_key":227},{"_key":231},{"_key":247},"CGA-CWWH-6WR6-Q2XQ",{"_key":249},"CGA-GW5V-276Q-9JMV","2025-06-05T00:00:00.000Z","2025-06-11T14:59:01.028Z","Analyzed",{"cisa_kev":254,"cisa_ransomware":254,"cisa_vendor":9,"epss_severity":255,"epss_score":256,"severity":257,"severity_score":258,"severity_version":259,"severity_source":260,"severity_vector":261,"severity_status":252},false,"low",0.00411,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",[263,271,275,280,285,291,295,299,303,308,312,317,321,325],{"url":264,"sources":265,"tags":268},"https://docs.djangoproject.com/en/dev/releases/security/",[266,260,267],"cve.org","osv_pypi",[269,270],"Vendor Advisory","WEB",{"url":272,"sources":273,"tags":274},"https://groups.google.com/g/django-announce",[266,260,267],[269,270],{"url":276,"sources":277,"tags":278},"https://www.djangoproject.com/weblog/2025/jun/04/security-releases/",[266,260,267],[269,279],"ARTICLE",{"url":281,"sources":282,"tags":283},"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/",[266,260],[284],"Release Notes",{"url":286,"sources":287,"tags":288},"http://www.openwall.com/lists/oss-security/2025/06/04/5",[266,260,267],[289,290,270],"Mailing List","Third Party Advisory",{"url":292,"sources":293,"tags":294},"http://www.openwall.com/lists/oss-security/2025/06/10/2",[266,260,267],[289,290,270],{"url":296,"sources":297,"tags":298},"http://www.openwall.com/lists/oss-security/2025/06/10/3",[266,260,267],[289,290,270],{"url":300,"sources":301,"tags":302},"http://www.openwall.com/lists/oss-security/2025/06/10/4",[266,260,267],[289,270],{"url":304,"sources":305,"tags":306},"https://nvd.nist.gov/vuln/detail/CVE-2025-48432",[267],[307],"Advisory",{"url":309,"sources":310,"tags":311},"https://docs.djangoproject.com/en/dev/releases/security",[267],[270],{"url":313,"sources":314,"tags":315},"https://github.com/django/django",[267],[316],"PACKAGE",{"url":318,"sources":319,"tags":320},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml",[267],[270],{"url":322,"sources":323,"tags":324},"https://www.djangoproject.com/weblog/2025/jun/04/security-releases",[267],[270],{"url":326,"sources":327,"tags":328},"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases",[267],[270],[],{"date":331,"score":256,"percentile":332},"2026-06-04",0.61754,[334,338,341,344,347,349,352,355,358,361,365,368,371,374,377,381,384,387,390,393,396,399,402,405,408,411,414,417,420,423,426,429,432,435,437,440,443,446,449,452,455,458,460,463,466,469,472,475,478,481,484,487,490,493,497,500,503,507,510,513,516,519,522,525,528,531,534,538,541,544,547,550,553,555,558,561,565,568,571,574,577,580,583,586,589,592,595,598,601,604],{"date":335,"score":336,"percentile":337},"2025-11-04",0.00058,0.18189,{"date":339,"score":336,"percentile":340},"2025-11-05",0.18204,{"date":342,"score":336,"percentile":343},"2025-11-06",0.18172,{"date":345,"score":336,"percentile":346},"2025-11-07",0.18191,{"date":348,"score":336,"percentile":346},"2025-11-08",{"date":350,"score":336,"percentile":351},"2025-11-09",0.18167,{"date":353,"score":336,"percentile":354},"2025-11-10",0.18129,{"date":356,"score":336,"percentile":357},"2025-11-11",0.18136,{"date":359,"score":336,"percentile":360},"2025-11-12",0.18174,{"date":362,"score":363,"percentile":364},"2025-11-13",0.00079,0.24089,{"date":366,"score":363,"percentile":367},"2025-11-14",0.24081,{"date":369,"score":363,"percentile":370},"2025-11-15",0.24066,{"date":372,"score":363,"percentile":373},"2025-11-16",0.2402,{"date":375,"score":363,"percentile":376},"2025-11-17",0.23977,{"date":378,"score":379,"percentile":380},"2025-11-18",0.0046,0.6146,{"date":382,"score":379,"percentile":383},"2025-11-19",0.61475,{"date":385,"score":379,"percentile":386},"2025-11-20",0.61463,{"date":388,"score":363,"percentile":389},"2025-11-21",0.23921,{"date":391,"score":363,"percentile":392},"2025-11-22",0.23917,{"date":394,"score":363,"percentile":395},"2025-11-23",0.2387,{"date":397,"score":363,"percentile":398},"2025-11-24",0.23837,{"date":400,"score":363,"percentile":401},"2025-11-25",0.23825,{"date":403,"score":363,"percentile":404},"2025-11-26",0.23811,{"date":406,"score":363,"percentile":407},"2025-11-27",0.23808,{"date":409,"score":363,"percentile":410},"2025-11-28",0.23789,{"date":412,"score":363,"percentile":413},"2025-11-29",0.2377,{"date":415,"score":363,"percentile":416},"2025-11-30",0.23763,{"date":418,"score":363,"percentile":419},"2025-12-01",0.23797,{"date":421,"score":363,"percentile":422},"2025-12-02",0.23812,{"date":424,"score":363,"percentile":425},"2025-12-03",0.23826,{"date":427,"score":363,"percentile":428},"2025-12-04",0.23752,{"date":430,"score":363,"percentile":431},"2025-12-05",0.23801,{"date":433,"score":363,"percentile":434},"2025-12-06",0.238,{"date":436,"score":363,"percentile":416},"2025-12-07",{"date":438,"score":363,"percentile":439},"2025-12-08",0.23771,{"date":441,"score":363,"percentile":442},"2025-12-09",0.23827,{"date":444,"score":363,"percentile":445},"2025-12-10",0.23897,{"date":447,"score":363,"percentile":448},"2025-12-11",0.23931,{"date":450,"score":363,"percentile":451},"2025-12-12",0.23946,{"date":453,"score":363,"percentile":454},"2025-12-13",0.2395,{"date":456,"score":363,"percentile":457},"2025-12-14",0.2392,{"date":459,"score":363,"percentile":445},"2025-12-15",{"date":461,"score":363,"percentile":462},"2025-12-16",0.23919,{"date":464,"score":363,"percentile":465},"2025-12-17",0.23999,{"date":467,"score":363,"percentile":468},"2025-12-18",0.24023,{"date":470,"score":363,"percentile":471},"2025-12-19",0.24041,{"date":473,"score":363,"percentile":474},"2025-12-20",0.24008,{"date":476,"score":363,"percentile":477},"2025-12-21",0.23954,{"date":479,"score":363,"percentile":480},"2025-12-22",0.23913,{"date":482,"score":363,"percentile":483},"2025-12-23",0.23889,{"date":485,"score":363,"percentile":486},"2025-12-24",0.23898,{"date":488,"score":363,"percentile":489},"2025-12-25",0.23976,{"date":491,"score":363,"percentile":492},"2025-12-26",0.23961,{"date":494,"score":495,"percentile":496},"2025-12-27",0.00044,0.1359,{"date":498,"score":363,"percentile":499},"2025-12-28",0.23874,{"date":501,"score":363,"percentile":502},"2025-12-29",0.23841,{"date":504,"score":505,"percentile":506},"2025-12-30",0.00106,0.29342,{"date":508,"score":505,"percentile":509},"2025-12-31",0.29401,{"date":511,"score":505,"percentile":512},"2026-01-01",0.29519,{"date":514,"score":505,"percentile":515},"2026-01-02",0.29516,{"date":517,"score":505,"percentile":518},"2026-01-03",0.29498,{"date":520,"score":505,"percentile":521},"2026-01-04",0.2938,{"date":523,"score":505,"percentile":524},"2026-01-05",0.29377,{"date":526,"score":505,"percentile":527},"2026-01-06",0.29389,{"date":529,"score":505,"percentile":530},"2026-01-07",0.29419,{"date":532,"score":505,"percentile":533},"2026-01-08",0.29444,{"date":535,"score":536,"percentile":537},"2026-01-09",0.00101,0.28628,{"date":539,"score":536,"percentile":540},"2026-01-10",0.28617,{"date":542,"score":536,"percentile":543},"2026-01-11",0.28596,{"date":545,"score":536,"percentile":546},"2026-01-12",0.28548,{"date":548,"score":536,"percentile":549},"2026-01-13",0.28524,{"date":551,"score":536,"percentile":552},"2026-01-14",0.28569,{"date":554,"score":536,"percentile":552},"2026-01-15",{"date":556,"score":536,"percentile":557},"2026-01-16",0.286,{"date":559,"score":536,"percentile":560},"2026-01-17",0.28602,{"date":562,"score":563,"percentile":564},"2026-01-18",0.00109,0.29943,{"date":566,"score":563,"percentile":567},"2026-01-19",0.29909,{"date":569,"score":536,"percentile":570},"2026-01-20",0.28503,{"date":572,"score":536,"percentile":573},"2026-01-21",0.28442,{"date":575,"score":536,"percentile":576},"2026-01-22",0.28415,{"date":578,"score":536,"percentile":579},"2026-01-23",0.28489,{"date":581,"score":536,"percentile":582},"2026-01-24",0.28477,{"date":584,"score":536,"percentile":585},"2026-01-25",0.284,{"date":587,"score":536,"percentile":588},"2026-01-26",0.28314,{"date":590,"score":536,"percentile":591},"2026-01-27",0.28293,{"date":593,"score":536,"percentile":594},"2026-01-28",0.2828,{"date":596,"score":536,"percentile":597},"2026-01-29",0.28233,{"date":599,"score":536,"percentile":600},"2026-01-30",0.28225,{"date":602,"score":536,"percentile":603},"2026-01-31",0.28228,{"date":605,"score":536,"percentile":606},"2026-02-01",0.28294,[608,615,618],{"source":266,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":609,"cvss_v4_0":9},{"baseScore":610,"baseSeverity":611,"vectorString":612,"impactScore":613,"exploitabilityScore":614},4,"MEDIUM","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",2.3,5.6,{"source":260,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":616,"cvss_v4_0":9},{"baseScore":258,"baseSeverity":611,"vectorString":261,"impactScore":613,"exploitabilityScore":617},10,{"source":267,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":619,"cvss_v4_0":9},{"baseScore":610,"baseSeverity":9,"vectorString":612,"impactScore":613,"exploitabilityScore":614},[621,630,651],{"ecosystem":9,"name":622,"vendor":623,"product":624,"cpe_part":625,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":626},"debian linux","debian","debian_linux","o",[627],{"version":628,"is_range":254,"range_type":629,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0","cpe",{"ecosystem":9,"name":631,"vendor":632,"product":633,"cpe_part":634,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":635},"Django","djangoproject","django","a",[636,643,647],{"version":637,"is_range":638,"range_type":629,"version_start":639,"version_start_type":640,"version_end":641,"version_end_type":642,"fixed_in":9},"gte4.2_lt4.2.23",true,"4.2","including","4.2.23","excluding",{"version":644,"is_range":638,"range_type":629,"version_start":645,"version_start_type":640,"version_end":646,"version_end_type":642,"fixed_in":9},"gte5.1_lt5.1.11","5.1","5.1.11",{"version":648,"is_range":638,"range_type":629,"version_start":649,"version_start_type":640,"version_end":650,"version_end_type":642,"fixed_in":9},"gte5.2_lt5.2.3","5.2","5.2.3",{"ecosystem":652,"name":633,"vendor":652,"product":633,"cpe_part":9,"purl_type":653,"purl_namespace":9,"purl_name":633,"source":9,"versions":654},"PyPI","pypi",[655,659,662,666],{"version":656,"is_range":638,"range_type":657,"version_start":639,"version_start_type":640,"version_end":658,"version_end_type":642,"fixed_in":9},"gte4_2_lt4_2_22","ecosystem","4.2.22",{"version":660,"is_range":638,"range_type":657,"version_start":649,"version_start_type":640,"version_end":661,"version_end_type":642,"fixed_in":9},"gte5_2_lt5_2_2","5.2.2",{"version":663,"is_range":638,"range_type":657,"version_start":664,"version_start_type":640,"version_end":665,"version_end_type":642,"fixed_in":9},"gte5_0a1_lt5_1_10","5.0a1","5.1.10",{"version":667,"is_range":638,"range_type":657,"version_start":9,"version_start_type":9,"version_end":658,"version_end_type":642,"fixed_in":9},"lt4_2_22"]