OPENSUSE-SU-2024:0017-1 Security update for python-django-grappelli
This update for python-django-grappelli fixes the following issues: Update to 2.14.4: - CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks boo1216481 - Fixed: Redirect with switch user. - Improved: Remove extra filtering in AutocompleteLookup. - Improved: Added impo...
SUSE CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...
Ubuntu 16.04 ESM : Django vulnerabilities (USN-5373-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5373-2 advisory. USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...
PT-2021-3508
Name of the Vulnerable Software and Affected Versions: Django versions 3.1.x through 3.1.12; Django versions 3.2.x through 3.2.4. Description: The issue is related to the QuerySet.order_by function in the Django web application platform, which does not properly protect the SQL query structure. This...
CVE-2021-32052
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
PT-2021-4548
Name of the Vulnerable Software and Affected Versions: Django versions 2.2 through 2.2.20; Django versions 3.1 through 3.1.8; Django versions 3.2 through 3.2.0. Description: The issue is related to the lack of restrictions on file uploads in the Django web application platform, specifically in the...