Django Security Vulnerabilities and Issues — Django CVE List

Lucene search

DjangoprojectDjango

4 matches found

CVE•added 2024/07/10 5:15 a.m.•1237 views

CVE-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certai...

4.3CVSS6.9AI score0.00126EPSS

CVE•added 2024/07/10 5:15 a.m.•258 views

CVE-2024-38875

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

7.5CVSS6.9AI score0.00304EPSS

CVE•added 2024/07/10 5:15 a.m.•257 views

CVE-2024-39614

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

7.5CVSS6.8AI score0.02375EPSS

Web

CVE•added 2024/07/10 5:15 a.m.•247 views

CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

5.3CVSS7AI score0.00112EPSS