Django-Unicorn: >> Unicorn >> 0.36.0 Security Vulnerabilities
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-10
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-11