4 matches found

OSV, added 2024/03/20 3:35 a.m., 10 views

MGASA-2024-0075 Updated python-django package fixes a security vulnerability

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. CVE-2024-27351...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.02611 | Exploits: 0 | References: 2

OSV, added 2019/02/14 8:38 a.m., 6 views

MGASA-2019-0086 Updated python-django packages fix security vulnerability

If django.utils.numberformat.format -- used by contrib.admin as well as the floatformat, filesizeformat, and intcomma template filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format. CVE-2019-6975...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0646 | Exploits: 0 | References: 3

OSV, added 2016/03/07 11:20 a.m., 11 views

MGASA-2016-0096 Updated python-django packages fix security vulnerability

Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. CVE-2016-2512 Sjoerd Job Postmus discovered that Djan...

CVSS: 7.4 | AI score: 5.7 | EPSS: 0.0125 | Exploits: 0 | References: 4

OSV, added 2015/12/04 11:31 p.m., 4 views

MGASA-2015-0463 Updated python-django packages fix security vulnerability

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. CVE-2015-8213...

CVSS: 5 | AI score: 5.9 | EPSS: 0.02966 | Exploits: 0 | References: 4