Releases134
Frequency1 month 3 days
Last Release
Downloads118M
unicorn is an HTTP server for Rack applications designed to only serve fast clients on low-latency, high-bandwidth connections and take advantage of features in Unix/Unix-like kernels. Slow clients should only be served by placing a reverse proxy capable of fully buffering both the the request and response in between unicorn and slow clients.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 0.67.05.3 MEDIUM

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.

< 0.36.16.1 MEDIUM4.3 MEDIUM

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.

<= 0.35.35.4 MEDIUM3.5 LOW

The Unicorn framework through 0.35.3 for Django allows XSS via component.name.