CVE-2026-31815 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due t…
Medium CVSS: 5.3

CVE-2026-31815

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.
Vendor
Django-unicorn
Product
Unicorn
CWE
CWE-284
Yayın Tarihi
2026-03-10 22:16:19
Güncelleme
2026-03-18 19:36:52
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-284 Unicorn MEDIUM Django-unicorn 2026

Referanslar

https://github.com/django-commons/django-unicorn/security/advisories/GHSA-ffv6-jj46-x367