177 matches found
CVE-2021-35042
CVE-2021-35042 affects Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5. The issue arises from unsanitized input passed to QuerySet.order_by(), allowing a potential SQL injection via client-provided order_by values. Impact: remote attacker could execute SQL injection; observed in multiple adviso...
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application...
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application...
Django SQL Injection Vulnerability (CNVD-2021-49046)
Django is an open source web application framework , written in Python . A SQL injection vulnerability exists in Django versions 3.2.x prior to 3.2.5 and 3.1.x prior to 3.1.13. The vulnerability is related to a code flaw. querySet.orderby does not perform strict validation of data when processing...
GHSA-6R97-CJ55-9HRQ SQL Injection in Django
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
DEBIAN-CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
PYSEC-2019-13
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
PYSEC-2019-83
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
Django -- multiple vulnerabilities
Django release notes: CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
openSUSE Security Update : python-Django1 (openSUSE-2019-608)
This update for python-Django1 to version 1.11.15 fixes the following issues : The following security vulnerability was fixed : - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed : - Fixed WKBWriter.write and writehex for empty...
Security update for python-Django1 (important)
This update for python-Django1 to version 1.11.15 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed WKBWriter.write and writehex for empty...
Security update for python-Django (moderate)
This update for python-Django to version 2.08 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed a regression in Django 2.0.7 that broke the...
openSUSE Security Update : python-Django1 (openSUSE-2018-875)
This update for python-Django1 to version 1.11.15 fixes the following issues : The following security vulnerability was fixed : - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed : - Fixed WKBWriter.write and writehex for empty...
OPENSUSE-SU-2018:2809-1 Security update for python-Django1
This update for python-Django1 to version 1.11.15 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed WKBWriter.write and writehex for empty...
Security update for python-Django (moderate)
This update for python-Django to 1.11.15 fixes the following issues: This security issue was fixed: - CVE-2018-14574: Prevent open redirect in django.middleware.common.CommonMiddleware bsc1102680. These non-security issues were fixed: - Fixed WKBWriter.write and writehex for empty polygons on GEO...