rpm package
suse/python-Django1&distro=SUSE Package Hub 15 SP4
pkg:rpm/suse/python-Django1&distro=SUSE%20Package%20Hub%2015%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-43665 | — | < 1.11.29-bp154.2.9.1 | 1.11.29-bp154.2.9.1 | Nov 3, 2023 | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML tex | ||
| CVE-2023-36053 | — | < 1.11.29-bp154.2.6.1 | 1.11.29-bp154.2.6.1 | Jul 3, 2023 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | ||
| CVE-2023-24580 | — | < 1.11.29-bp154.2.3.1 | 1.11.29-bp154.2.3.1 | Feb 15, 2023 | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a po |
- CVE-2023-43665Nov 3, 2023affected < 1.11.29-bp154.2.9.1fixed 1.11.29-bp154.2.9.1
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML tex
- CVE-2023-36053Jul 3, 2023affected < 1.11.29-bp154.2.6.1fixed 1.11.29-bp154.2.6.1
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
- CVE-2023-24580Feb 15, 2023affected < 1.11.29-bp154.2.3.1fixed 1.11.29-bp154.2.3.1
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a po