41 matches found
Fedora 40 : python-django (2024-5c7fb64c74)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5c7fb64c74 advisory. Security fix for CVE-2024-24680 and CVE-2024-27351. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 38 : python-django3 (2024-84fbbbb914)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-84fbbbb914 advisory. Security fixes for: CVE-2024-27351, potential regular expression DoS in django.utils.text.Truncator.words; CVE-2024-24680, denial-of-service in...
Fedora 39 : python-django (2024-2ec03ca8cb)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2ec03ca8cb advisory. Security fix for CVE-2024-24680 and CVE-2024-27351. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Mageia: Security Advisory (MGASA-2024-0075)
The remote host is missing an update for the...
BIT-DJANGO-2023-24580
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for ...
OESA-2024-1229 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service...
OESA-2024-1165 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service...
SUSE CVE-2024-24680
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +124 more potentially affected by CVE-2023-41164 via django (>=3.2.0 <=3.2.20)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2023-41164 Source advisory: OSV:GHSA-7H4P-27MH-HMRW...
CVE-2023-41164
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters...
CVE-2023-46695
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of...
Debian dla-3500 : python-django - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3500 advisory. Debian LTS Advisory DLA-3500-1 https://www.debian.org/lts/security/...
Fedora 37 : python-django3 (2023-8f9d949dbc)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8f9d949dbc advisory. Update to latest 3.2 release; security fix for CVE-2023-31047; provide python3-django so it can be used by dependents that do not use the...
Fedora 38 : python-django3 (2023-0d20d09f2d)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0d20d09f2d advisory. Update to latest 3.2 release; security fix for CVE-2023-31047; provide python3-django so it can be used by dependents that do not use the...
CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However,...
CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However,...
CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However,...
SUSE CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.5.12) +109 more potentially affected by CVE-2023-24580 via django (>=3.2.0 <=3.2.17)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 - botbuilder-applicationinsights =4.14.3 and more Source cves: CVE-2023-24580 Source advisory: OSV:GHSA-2HRW-HX67-34X6...
Design/Logic Flaw
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for ...