How severe is CVE-2022-36359?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-36359?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2022-36359 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

Related Vulnerabilities

CVE-2018-19234

HIGH

CVSS:8.8(High)

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update val...

CWE-4942018

CVE-2018-4009

HIGH

CVSS:8.8(High)

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their ...

CWE-4942018

CVE-2019-12809

HIGH

CVSS:8.8(High)

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the Activ...

CWE-4942019

CVE-2020-1210

HIGH

CVSS:8.8(High)

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnera...

CWE-4942020

CVE-2020-1576

HIGH

CVSS:8.8(High)

CWE-4942020

CVE-2020-1595

HIGH

CVSS:8.8(High)

<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run ...

CWE-4942020