1169 matches found
openSUSE 15 Security Update : python-Django (SUSE-SU-2023:2839-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2839-1 advisory. - In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload...
SUSE-SU-2023:2839-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2023-31047: Fixed a potential bypass of validation when uploading multiple files using one form field (bsc#1210866). - CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator...
OPENSUSE-SU-2023:0178-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (boo#1212742) - CVE-2023-24580: Fixed potential denial-of-service vulnerability in file uploads (boo#1208082) - CVE-2023-23969:...
Security update for python-Django (moderate)
openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2023:0178-1 Rating: moderate References: 1203793 1207565 1208082 1212742 Cross-References: CVE-2022-41323 CVE-2023-23969 CVE-2023-24580 CVE-2023-36053 CVSS scores: CVE-2022-41323 NVD : 7.5...
openSUSE 15 Security Update : python-Django1 (openSUSE-SU-2023:0177-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0177-1 advisory. - In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression...
openSUSE 15 Security Update : python-Django (openSUSE-SU-2023:0174-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0174-1 advisory. - In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression...
OPENSUSE-SU-2023:0174-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (boo#1212742)...
Security update for python-Django (important)
openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2023:0174-1 Rating: important References: 1212742 Cross-References: CVE-2023-36053 CVSS scores: CVE-2023-36053 SUSE: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports...
Ubuntu: Security Advisory (USN-6203-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora: Security Advisory for python-django-filter (FEDORA-2023-4dee6d0a76)
The remote host is missing an update for the...
Fedora 38 : python-django-filter (2023-4dee6d0a76)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4dee6d0a76 advisory. New upstream version. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...
Ubuntu: Security Advisory (USN-6054-2)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2023-0165)
The remote host is missing an update for the...
Updated python-django packages fix security vulnerability
Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack (CVE-2023-24580). Bypass of validation when using one form field to upload multiple files. This...
Debian: Security Advisory (DLA-3415-1)
The remote host is missing an update for the Debian...
Debian dla-3415 : python-django - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3415 advisory. Debian LTS Advisory DLA-3415-1 https://www.debian.org/lts/security/...
Ubuntu: Security Advisory (USN-6054-1)
The remote host is missing an update for the...
CVE-2023-31047
A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded...
python-django: Potential denial-of-service vulnerability in file uploads
A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service...
python-django: Potential denial-of-service via Accept-Language headers
A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...