Ubuntu USN-6888-1
Published: Jul 09, 2024 - 12:00 a.m.

Django vulnerabilities

2024-07-09 00:00:00
ubuntu.com

Tags: django, security update, ubuntu, vulnerabilities, cve-2024-38875, cve-2024-39329, cve-2024-39330, cve-2024-39614, denial of service, remote attack

CVSS3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

AI Score: 7.4 (Confidence: High)
EPSS: 0 (Percentile: 15.8%)

Releases

  • Ubuntu 24.04 LTS
  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • python-django - High-level Python web development framework

Details

Elias Myllymäki discovered that Django incorrectly handled certain inputs
with a large number of brackets. A remote attacker could possibly use this
issue to cause Django to consume resources or stop responding, resulting in
a denial of service. (CVE-2024-38875)

It was discovered that Django incorrectly handled authenticating users with
unusable passwords. A remote attacker could possibly use this issue to
perform a timing attack and enumerate users. (CVE-2024-39329)

Josh Schneier discovered that Django incorrectly handled file path
validation when the storage class is being derived. A remote attacker could
possibly use this issue to save files into arbitrary directories.
(CVE-2024-39330)

It was discovered that Django incorrectly handled certain long strings that
included a specific set of characters. A remote attacker could possibly use
this issue to cause Django to consume resources or stop responding,
resulting in a denial of service. (CVE-2024-39614)

Affected packages (an installed version lower than the one listed is vulnerable):

OS      Version  Architecture  Package            Version                   Filename
Ubuntu  24.04    noarch        python3-django     < 3:4.2.11-1ubuntu1.1     UNKNOWN
Ubuntu  24.04    noarch        python-django-doc  < 3:4.2.11-1ubuntu1.1     UNKNOWN
Ubuntu  23.10    noarch        python3-django     < 3:4.2.4-1ubuntu2.3      UNKNOWN
Ubuntu  23.10    noarch        python-django-doc  < 3:4.2.4-1ubuntu2.3      UNKNOWN
Ubuntu  22.04    noarch        python3-django     < 2:3.2.12-2ubuntu1.12    UNKNOWN
Ubuntu  22.04    noarch        python-django-doc  < 2:3.2.12-2ubuntu1.12    UNKNOWN
Ubuntu  20.04    noarch        python3-django     < 2:2.2.12-1ubuntu0.23    UNKNOWN
Ubuntu  20.04    noarch        python-django-doc  < 2:2.2.12-1ubuntu0.23    UNKNOWN
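The package table above only states "< fixed version", and comparing Debian package versions by plain string order gets revisions such as `1ubuntu1.9` versus `1ubuntu1.12` wrong. The following script is an added example, not Ubuntu's own tooling: it encodes the fixed versions from this advisory, reimplements the dpkg version-ordering algorithm (epoch, then upstream version, then Debian revision; digit runs compare numerically, `~` sorts before everything) so it runs without python3-apt, and audits the output of `dpkg-query -W -f='${Package} ${Version}\n'`. The `SAMPLE_DPKG_OUTPUT` host inventory and the `nginx-core` version in it are constructed for the example.

```python
"""Check installed python-django packages against the USN-6888-1 fixed versions.

Added example, not part of the Ubuntu advisory. The dpkg ordering is
reimplemented here so the check runs anywhere, without python3-apt.
"""

# Fixed versions as listed in USN-6888-1, keyed by (Ubuntu release, package).
# An installed version strictly lower than the entry is affected.
FIXED_VERSIONS = {
    ("24.04", "python3-django"):    "3:4.2.11-1ubuntu1.1",
    ("24.04", "python-django-doc"): "3:4.2.11-1ubuntu1.1",
    ("23.10", "python3-django"):    "3:4.2.4-1ubuntu2.3",
    ("23.10", "python-django-doc"): "3:4.2.4-1ubuntu2.3",
    ("22.04", "python3-django"):    "2:3.2.12-2ubuntu1.12",
    ("22.04", "python-django-doc"): "2:3.2.12-2ubuntu1.12",
    ("20.04", "python3-django"):    "2:2.2.12-1ubuntu0.23",
    ("20.04", "python-django-doc"): "2:2.2.12-1ubuntu0.23",
}


def _order(c: str) -> int:
    """Weight of one character in dpkg's non-digit comparison."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1            # '~' sorts before anything, even end of string
    return ord(c) + 256      # other punctuation sorts after letters


def _cmp_fragment(a: str, b: str) -> int:
    """Compare an upstream-version or revision string the way dpkg does."""
    ia = ib = 0
    la, lb = len(a), len(b)
    while ia < la or ib < lb:
        first_diff = 0
        # Non-digit run: compare character by character; end of string weighs 0.
        while (ia < la and not a[ia].isdigit()) or (ib < lb and not b[ib].isdigit()):
            ac = _order(a[ia]) if ia < la else 0
            bc = _order(b[ib]) if ib < lb else 0
            if ac != bc:
                return ac - bc
            ia += 1
            ib += 1
        # Digit run: drop leading zeros, then compare numerically.
        while ia < la and a[ia] == "0":
            ia += 1
        while ib < lb and b[ib] == "0":
            ib += 1
        while ia < la and ib < lb and a[ia].isdigit() and b[ib].isdigit():
            if first_diff == 0:
                first_diff = ord(a[ia]) - ord(b[ib])
            ia += 1
            ib += 1
        if ia < la and a[ia].isdigit():
            return 1         # a has more digits left, so it is the larger number
        if ib < lb and b[ib].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as Debian version a is lower than, equal to or higher than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        c = _cmp_fragment(x, y)
        if c:
            return -1 if c < 0 else 1
    return 0


def is_affected(release: str, package: str, installed: str):
    """True if installed is below the fix, False if not, None if the advisory
    does not cover this release/package pair."""
    fixed = FIXED_VERSIONS.get((release, package))
    if fixed is None:
        return None
    return compare_versions(installed, fixed) < 0


# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output
# from a hypothetical Ubuntu 22.04 host; not taken from a real system.
SAMPLE_DPKG_OUTPUT = """\
python3-django 2:3.2.12-2ubuntu1.11
python-django-doc 2:3.2.12-2ubuntu1.12
nginx-core 1.18.0-6ubuntu14.4
"""


def audit(release: str, dpkg_output: str):
    """Return (package, installed, fixed) for every package still below the fix."""
    findings = []
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        package, installed = parts
        if is_affected(release, package, installed):
            findings.append((package, installed, FIXED_VERSIONS[(release, package)]))
    return findings


if __name__ == "__main__":
    for package, installed, fixed in audit("22.04", SAMPLE_DPKG_OUTPUT):
        print(f"{package} {installed} is affected by USN-6888-1; upgrade to {fixed}")
```

On a real host, replace `SAMPLE_DPKG_OUTPUT` with the actual `dpkg-query` output and pass the release from `/etc/os-release`. `is_affected` returns `None` rather than `False` for packages the advisory does not list, so "not covered" is never mistaken for "patched".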
