4 matches found
OESA-2024-1164 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service...
SQL Injection in Django
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
DEBIAN-CVE-2021-45452
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), apis-ampel (=0.1.0) +44 more potentially affected by CVE-2021-31542 via django (>=3.2.0 <=3.2.0rc1)
django PyPI version =3.2.0, =1.0.1a0, =0.2.0, =0.14.0, =0.13.0, =0.8.0, =0.9.16 and more Source cves: CVE-2021-31542 Source advisory: OSV:PYSEC-2021-7...