14 matches found
CVE-2021-21376
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...
Django Potential Denial of Service (DoS) on Windows
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack v...
DLA-4010-1 python-django - security update
Bulletin has no description...
CVE-2024-39329 vulnerabilities
Vulnerabilities for packages: py3-django...
OPENSUSE-SU-2023:0390-1 Security update for python-Django1
This update for python-Django1 fixes the following issues: - CVE-2023-43665: Fixed Denial-of-service vulnerability in django.utils.text.Truncator (boo#1215978)...
PT-2023-7994 · Django +5
Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.20; Django versions 4.1 through 4.1.10; Django versions 4.2 through 4.2.4. Description: The issue is related to the django.utils.encoding.uri_to_iri component of the Django web application platform, which is...
Django Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request...
DLA-2676-1 python-django - security update
Bulletin has no description...
Django 2.2 < 2.2.20, 3.0 < 3.0.14, 3.1 < 3.1.8 Directory Traversal Vulnerability - Linux
Django is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if...
SUSE-SU-2020:2055-1 Security update for python-Django
This update for python-Django fixes the following issues: - Fixed potential XSS in admin ForeignKeyRawIdWidget (bsc#1172166, CVE-2020-13596)...
DLA-885-1 python-django - security update
Bulletin has no description...
CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
CVE-2011-4140
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...
django -- multiple vulnerabilities
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...