rpm package
suse/python-Django&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6
pkg:rpm/suse/python-Django&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39329 | — | < 4.2.11-150600.3.3.1 | 4.2.11-150600.3.3.1 | Jul 10, 2024 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. | ||
| CVE-2024-38875 | — | < 4.2.11-150600.3.3.1 | 4.2.11-150600.3.3.1 | Jul 10, 2024 | An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. |
- CVE-2024-39329Jul 10, 2024affected < 4.2.11-150600.3.3.1fixed 4.2.11-150600.3.3.1
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
- CVE-2024-38875Jul 10, 2024affected < 4.2.11-150600.3.3.1fixed 4.2.11-150600.3.3.1
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
Page 2 of 2