Django Security Vulnerabilities and Issues — Django CVE List

Lucene search

DjangoprojectDjango

4 matches found

CVE•added 2024/08/07 3:15 p.m.•136 views

CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

7.5CVSS6.8AI score0.00173EPSS

CVE•added 2024/08/07 3:15 p.m.•130 views

CVE-2024-42005

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

9.8CVSS7.8AI score0.00285EPSS

CVE•added 2024/08/07 3:15 p.m.•94 views

CVE-2024-41991

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

7.5CVSS6.8AI score0.00173EPSS

CVE•added 2024/08/07 3:15 p.m.•82 views

CVE-2024-41990

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

7.5CVSS6.8AI score0.00164EPSS