21 matches found
Ubuntu: Security Advisory (USN-4381-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.4 (python-django) security update
An update for python-django is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat OpenStack Platform 16.1.4 (python-django) (RHSA-2021:0915)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0915 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.17-alt1
Dec. 11, 2020 Alexey Shabalin 2.2.17-alt1 - new version 2.2.17 - Fixes for the following security vulnerabilities: + CVE-2020-13254 Potential data leakage via malformed memcached keys + CVE-2020-13596 Possible XSS via admin ForeignKeyRawIdWidget + CVE-2020-24583: Incorrect permissions on...
Fedora: Security Advisory for python-django (FEDORA-2020-2e7d30f7aa)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for python-django (FEDORA-2020-c2639662af)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : python-django (2020-2e7d30f7aa)
Security fix for CVE-2020-7471. - Security fix for CVE-2020-9402. - Security fix for CVE-2020-13254. - Security fix for CVE-2020-13596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Fedora 32 : python-django (2020-c2639662af)
Security fix for CVE-2020-7471. - Security fix for CVE-2020-9402. - Security fix for CVE-2020-13254. - Security fix for CVE-2020-13596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
[SECURITY] [DSA 4705-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4705-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2233-2] python-django regression update
Package : python-django Version : 1.7.11-1+deb8u10 CVE ID : CVE-2020-13254 It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some...
Django 2.2.x < 2.2.13, 3.0.x < 3.0.7 Multiple Vulnerabilities - Windows
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
alcali (>=2018.3.4 <=3000.1.0), argus-server (>=1.0.0 <=1.1.1) +173 more potentially affected by CVE-2020-13254 via django (>=3.0.0 <=3.0.6)
django PYPI version =3.0.0, =2018.3.4, =1.0.0, =0.1.0, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.1.1, =0.0.1, =0.1.3 - deustest2022 =1.0.0 - djangelo =0.1.4 - django-account-rcg-chandu =0.1.0 and more Source cves: CVE-2020-13254 Source advisory: OSV:GHSA-WPJR-J57X-WXFW...
Debian DLA-2233-2 : python-django regression update
It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some situations, cause a traceback. Please see for more information. For Debian 8...
FreeBSD : Django -- multiple vulnerabilities (597d02ce-a66c-11ea-af32-080027846a02)
Django security release reports : CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Django vulnerabilities (USN-4381-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4381-1 advisory. Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to...
Ubuntu: Security Advisory (USN-4381-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-13254
A flaw was found in Django, where the memcached backend does not perform key validation and passes malformed keys. This flaw causes a key collision and potential data leakage. The highest threat from this vulnerability is to confidentiality...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13254 via django (>=2.2.0 <=2.2.12)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13254 Source advisory: OSV:PYSEC-2020-31...
CVE-2020-13254
Django CVE-2020-13254 affects Django 2.2 (before 2.2.13) and 3.0 (before 3.0.7). Root cause: memcached backends that do not validate keys can produce key collisions with malformed cache keys, enabling potential data leakage. Multiple upstream advisories (Arch Linux ASA-202006-8; Debian DSA-4705-1...
USN-4381-1: Django vulnerabilities
Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. CVE-2020-13254 Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin...