VYPR

rpm package

suse/python-Django&distro=SUSE Package Hub 15 SP4

pkg:rpm/suse/python-Django&distro=SUSE%20Package%20Hub%2015%20SP4

Vulnerabilities (6)

  • CVE-2023-43665HigNov 3, 2023
    affected < 2.2.28-bp154.2.15.1fixed 2.2.28-bp154.2.15.1

    In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML tex

  • CVE-2023-36053HigJul 3, 2023
    affected < 2.2.28-bp154.2.12.1fixed 2.2.28-bp154.2.12.1

    In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

  • CVE-2023-24580HigFeb 15, 2023
    affected < 2.2.28-bp154.2.9.1fixed 2.2.28-bp154.2.9.1

    An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a po

  • CVE-2023-23969HigFeb 1, 2023
    affected < 2.2.28-bp154.2.6.1fixed 2.2.28-bp154.2.6.1

    In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language hea

  • CVE-2022-41323HigOct 16, 2022
    affected < 2.2.28-bp154.2.6.1fixed 2.2.28-bp154.2.6.1

    In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

  • CVE-2022-36359HigAug 3, 2022
    affected < 2.2.28-bp154.2.3.3fixed 2.2.28-bp154.2.3.3

    An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-suppli