3 matches found
CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
PT-2025-35820
Name of the Vulnerable Software and Affected Versions Django versions prior to 4.2.24 Django versions prior to 5.1.12 Django versions prior to 5.2.6 Description An issue was discovered in Django’s FilteredRelation feature, leading to SQL injection in column aliases when using a crafted dictionary...
SUSE CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...