Liangliangyy DjangoBlog Hardcoded Amap API Key Vulnerability

Vulnerability

A vulnerability exists in Liangliangyy DjangoBlog versions up to 2.1.0.0: an Amap (Gaode Maps) API key is hardcoded in the file owntracks/views.py. Because the key ships with the source, anyone who can read the repository or a deployed copy of the code can extract it and make Amap API calls on the key owner's account, which could lead to unexpected costs and misuse of location data. The issue can be exploited remotely without any authentication, and without interacting with a running DjangoBlog instance at all.

Impact

The hardcoded Amap API key is publicly accessible, allowing unauthorized use of the Amap API under the key owner's account. This can result in financial costs and quota exhaustion for the key owner (once the quota is consumed, the blog's own OwnTracks lookups fail as well) and in potential misuse of location data.

Remediation

Rotate the exposed key in the Amap console immediately; removing the literal from owntracks/views.py is not enough on its own, because the key remains in the Git history of every clone and fork. Load the replacement key from an environment variable (or the deployment's secret store) at startup, fail fast when it is missing rather than falling back to a literal, and apply any usage restrictions the Amap console offers for the key type (an IP or domain whitelist, where available) so that a future leak is less valuable.
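The two halves of that fix, as an added example that is not code from DjangoBlog or from the advisory: a loader that reads the key from the environment and refuses to start without it (wired into settings.py as `AMAP_KEY = load_amap_key()` and consumed by views via `settings.AMAP_KEY`), plus a small regression check that flags key-like string literals assigned in source. The environment variable name `AMAP_API_KEY`, the assumption that an Amap key is a 32-character hex string, and both sample view modules are constructed for illustration.

```python
import os
import re
from typing import Mapping, Optional

# Assumptions (not from the advisory): the variable is called AMAP_API_KEY
# and an Amap key is 32 lowercase hex characters. Adjust if your key differs.
AMAP_KEY_ENV = "AMAP_API_KEY"
AMAP_KEY_RE = re.compile(r"[0-9a-f]{32}")


class MissingSecret(RuntimeError):
    """Raised at startup when a required secret is absent or malformed."""


def load_amap_key(env: Optional[Mapping[str, str]] = None) -> str:
    """Read the Amap key from the environment and fail fast if it is missing.

    Hardened replacement for the literal in owntracks/views.py: there is no
    default value, so a misconfigured deployment refuses to start instead of
    silently using a key that belongs to someone else. Call once in settings.py:
        AMAP_KEY = load_amap_key()
    and reference settings.AMAP_KEY from the views.
    """
    env = os.environ if env is None else env
    key = env.get(AMAP_KEY_ENV, "").strip()
    if not key:
        raise MissingSecret(f"{AMAP_KEY_ENV} is not set; refusing to start")
    if not AMAP_KEY_RE.fullmatch(key):
        # Never echo the value itself into logs or tracebacks.
        raise MissingSecret(f"{AMAP_KEY_ENV} does not look like an Amap key")
    return key


# Regression check: a key-like literal assigned to a name mentioning 'key' or
# 'amap', the exact shape that produced this advisory. Run over the tree in
# CI or a pre-commit hook; it is deliberately narrow to keep noise low.
HARDCODED_KEY_RE = re.compile(
    r"""^\s*(?P<name>\w*(?:key|amap)\w*)\s*=\s*["'](?P<key>[0-9a-f]{32})["']""",
    re.IGNORECASE,
)


def find_hardcoded_keys(source: str) -> list:
    """Return (line_number, variable_name) for each hardcoded key-like literal."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = HARDCODED_KEY_RE.match(line)
        if m:
            hits.append((lineno, m.group("name")))
    return hits


# Constructed samples (not the project's real code and not a real key): the
# vulnerable shape of the view module and the hardened shape of the same view.
VULNERABLE_VIEW = '''
from django.http import JsonResponse

AMAP_KEY = "0123456789abcdef0123456789abcdef"  # shipped to every clone and fork

def regeo(request):
    params = {"key": AMAP_KEY, "location": request.GET.get("location", "")}
    return JsonResponse({"params": list(params)})
'''

HARDENED_VIEW = '''
from django.conf import settings
from django.http import JsonResponse

def regeo(request):
    params = {"key": settings.AMAP_KEY, "location": request.GET.get("location", "")}
    return JsonResponse({"params": list(params)})
'''


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_VIEW), ("hardened", HARDENED_VIEW)):
        print(label, find_hardcoded_keys(src))
    try:
        load_amap_key({})
    except MissingSecret as exc:
        print("startup refused:", exc)
```

The loader takes an optional mapping so it can be exercised in tests without touching the real environment; in production it reads `os.environ`. The detector only catches the assignment shape seen here, so pair it with a general secret scanner in CI rather than relying on it alone.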

Added: Apr 19, 2026, 11:20 PM
Updated: Apr 19, 2026, 11:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 6.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.