13 matches found
Astra Linux - уязвимость в python-django
A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are vulnerable to a denial-of-service attack due to very large inputs containing a specific sequence of characters...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000174)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000174 advisory. An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +254 more potentially affected by CVE-2025-13372 via django (>=5.0.0 <=5.1.14)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2025-13372 Source advisory: SNYK:PYTHON-DJANGO-14157810...
aldryn-django (=5.0.10.0), artd-customer (>=0.0.20 <=0.0.23) +65 more potentially affected by CVE-2024-56374 via django (>=5.0.0 <=5.0.10)
django PYPI version =5.0.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =0.35.0 and more Source cves: CVE-2024-56374 Source advisory: OSV:PYSEC-2025-1...
SUSE CVE-2024-41990
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...
SUSE CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
PYSEC-2024-70
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
UBUNTU-CVE-2024-41990
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...
PT-2024-5584
Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.14 Django versions 5.0 through 5.0.7 Description The issue is related to SQL injection in the QuerySet.values and values list methods on models with a JSONField. This vulnerability can be exploited by passing a...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +235 more potentially affected by CVE-2024-38875 via django (>=5.0.0 <=5.0.6)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2024-38875 Source advisory: OSV:GHSA-QG2P-9JWR-MMQF...
PT-2024-6068
Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13 Django versions 5.0 through 5.0.6 Description: The issue is related to the get supported language variant function in Django, which can be subject to a potential denial-of-service attack when used with very...
PT-2024-6224
Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13 Django versions 5.0 through 5.0.6 Description: The issue allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. This is due to the...
PYSEC-2024-28
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings...