192 matches found
OESA-2023-1099 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...
The vulnerability of the Django web application software platform, related to unlimited resource distribution, allows attackers to trigger service failures.
The vulnerability of the Django web application framework lies in the unlimited distribution of resources when processing the Accept-Language header. Exploiting this vulnerability can allow a remote attacker to cause service failures...
PT-2023-3407
Name of the Vulnerable Software and Affected Versions Django versions 3.2 through 3.2.18 Django versions 4.0 through 4.1.8 Django versions 4.2 through 4.2.0 Description The issue is related to insufficient input validation in the forms.FileField and forms.ImageField components of the Django web...
Django 安全漏洞
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, a view system, a template system, and more. A security vulnerability exists in Django versions 3.2 prior to 3.2.15 and 4.0 prior to 4.0.7...
Django Extract and Trunc functions vulnerable to SQL injection
Overview Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerabilityCWE-89. Takuto Yoshikai of Aeye Security Lab reported this vulnerability to the developer and coordinated. Aft...
Django SQL注入漏洞
Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes object-oriented mapper, view system, template system, etc. Django has a SQL injection vulnerability that can be exploited by attackers to send specially crafted SQL...
OESA-2022-1642 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column...
Cobbler Web Interface Lacks CSRF Protection
cobbler: Web interface lacks CSRF protection when using Django framework...
Cross-Site Request Forgery (CSRF)
cobbler: Web interface lacks CSRF protection when using Django framework...
django-mfa3 授权问题漏洞
django-mfa3 is a stubborn Django application that handles multi-factor authentication MFA via FIDO2, TOTP and recovery code. A security vulnerability exists in django-mfa3. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...
UBUNTU-CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
Django SQL注入漏洞
Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...
Github spirit input validation error vulnerability
Github spirit is a Python-based forum built using the Django framework. github spirit is vulnerable to an input validation error, which stems from sending a request that results in an insecure redirect. No detailed vulnerability details are available at this time...
Github spirit 输入验证错误漏洞
Github spirit is a Python-based forum built using the Django framework. github spirit is vulnerable to an input validation error, which stems from sending a request that results in an insecure redirect. No detailed vulnerability details are available at this time...
The vulnerability of the Django web application framework, related to the lack of protection for website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Django web application framework is related to the lack of security measures for handling web page structures. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting attacks...
Django Cross-Site Scripting Vulnerability (CNVD-2022-08043)
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. Django has a cross-site scripting vulnerability in version 3.7.3 that stems from not validating th...
DEBIAN-CVE-2021-45115
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user...
Django 输入验证错误漏洞
Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes an object-oriented mapper, view system, template system, etc. A security vulnerability exists in Django versions 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1...
PYSEC-2021-439
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...
CVE-2021-42134
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053...