VYPR

rpm package

suse/python-Django1&distro=SUSE Package Hub 15 SP4

pkg:rpm/suse/python-Django1&distro=SUSE%20Package%20Hub%2015%20SP4

Vulnerabilities (3)

  • CVE-2023-43665Nov 3, 2023
    affected < 1.11.29-bp154.2.9.1fixed 1.11.29-bp154.2.9.1

    In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML tex

  • CVE-2023-36053Jul 3, 2023
    affected < 1.11.29-bp154.2.6.1fixed 1.11.29-bp154.2.6.1

    In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

  • CVE-2023-24580Feb 15, 2023
    affected < 1.11.29-bp154.2.3.1fixed 1.11.29-bp154.2.3.1

    An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a po