unicorn
Releases134
Frequency1 month 3 days
Last Release
Downloads118M
unicorn is an HTTP server for Rack applications designed to only serve
fast clients on low-latency, high-bandwidth connections and take
advantage of features in Unix/Unix-like kernels. Slow clients should
only be served by placing a reverse proxy capable of fully buffering
both the the request and response in between unicorn and slow clients.
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 0.67.0 | 5.3 MEDIUM | — | ||
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0. | ||||
| < 0.36.1 | 6.1 MEDIUM | 4.3 MEDIUM | ||
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. | ||||
| <= 0.35.3 | 5.4 MEDIUM | 3.5 LOW | ||
The Unicorn framework through 0.35.3 for Django allows XSS via component.name. | ||||