Threats Tagged 'ghsa-r3hx-x5rh-p9vv'
View all threats tagged with 'ghsa-r3hx-x5rh-p9vv'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ghsa-r3hx-x5rh-p9vv'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-r3hx-x5rh-p9vv: django-haystack: Remote Code Execution via `eval()` in Elasticsearch Result Deserialization 0 A remote code execution (RCE) vulnerability exists in django-haystack's Elasticsearch backend due to unsafe use of eval() on attacker-controlled data during result deserialization. When a SearchField uses an index_fieldname alias different from the logical field name, the backend fails to remap the alias, causing it to call eval() on raw Elasticsearch field values. An attacker able to control indexed content and trigger a search returning that content can execute arbitrary code in the Django application process. This affects django-haystack versions prior to 3.4.0. Join the discussion | GCVE Database | 07/15/2026, 22:42:28 UTC Added: 07/16/2026, 10:35:49 UTC |
Showing 1 to 1 of 1 result