Package | Installed | Affected | Info |
---|---|---|---|
Django | 2.2.28 | <3.2.16 , >=4.0a1,<4.0.8 , >=4.1a1,<4.1.2 |
show In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
Django | 2.2.28 | <3.2.14 , >=4.0a1,<4.0.6 |
show Django 3.2.14 and 4.0.6 include a fix for CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. https://www.djangoproject.com/weblog/2022/jul/04/security-releases |
Django | 2.2.28 | <3.2.17 , >=4.0a1,<4.0.9 , >=4.1a1,<4.1.6 |
show Django 3.2.17, 4.0.9 and 4.1.6 includes a fix for CVE-2023-23969: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. https://www.djangoproject.com/weblog/2023/feb/01/security-releases |
Django | 2.2.28 | <3.2.23 , >=4.0a1,<4.1.13 , >=4.2a1,<4.2.7 |
show Django 4.2.7, 4.1.13 and 3.2.23 include a fix for CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows. https://www.djangoproject.com/weblog/2023/nov/01/security-releases |
Django | 2.2.28 | <3.2.19 , >=4.0a1,<4.1.9 , >=4.2a1,<4.2.1 |
show Django 4.2.1, 4.1.9 and 3.2.19 include a fix for CVE-2023-31047: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. https://www.djangoproject.com/weblog/2023/may/03/security-releases |
Django | 2.2.28 | <3.2.18 , >=4.0a1,<4.0.10 , >=4.1a1,<4.1.7 |
show Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Potential denial-of-service vulnerability in file uploads. https://www.djangoproject.com/weblog/2023/feb/14/security-releases |
Django | 2.2.28 | >=4.0a1,<4.1.10 , >=4.2a1,<4.2.3 , <3.2.20 |
show Affected versions of Django are vulnerable to a potential ReDoS (regular expression denial of service) in EmailValidator and URLValidator via a very large number of domain name labels of emails and URLs. |
Django | 2.2.28 | <3.2.25 , >=4.0a1,<4.2.11 , >=5.0a1,<5.0.3 |
show Affected versions of Django are vulnerable to potential regular expression denial-of-service (REDoS). django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE-2019-14232 and CVE-2023-43665). |
Django | 2.2.28 | <3.2.22 , >=4.0a1,<4.1.12 , >=4.2a1,<4.2.6 |
show Affected versions of Django are vulnerable to Denial-of-Service via django.utils.text.Truncator. The django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
Django | 2.2.28 | <3.2.21 , >=4.0a1,<4.1.11 , >=4.2a1,<4.2.5 |
show Affected versions of Django are vulnerable to potential Denial of Service via certain inputs with a very large number of Unicode characters in django.utils.encoding.uri_to_iri(). |
Django | 2.2.28 | <3.2.24 , >=4.0a1,<4.2.10 , >=5.0a1,<5.0.2 |
show Affected versions of Django are vulnerable to potential denial-of-service in intcomma template filter when used with very long strings. |
Django | 2.2.28 | <3.2.15 , >=4.0a1,<4.0.7 |
show Django 3.2.15 and 4.0.7 include a fix for CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. https://www.djangoproject.com/weblog/2022/aug/03/security-releases |
Package | Installed | Affected | Info |
---|---|---|---|
Django | 2.2.28 | <3.2.16 , >=4.0a1,<4.0.8 , >=4.1a1,<4.1.2 |
show In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
Django | 2.2.28 | <3.2.14 , >=4.0a1,<4.0.6 |
show Django 3.2.14 and 4.0.6 include a fix for CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. https://www.djangoproject.com/weblog/2022/jul/04/security-releases |
Django | 2.2.28 | <3.2.17 , >=4.0a1,<4.0.9 , >=4.1a1,<4.1.6 |
show Django 3.2.17, 4.0.9 and 4.1.6 includes a fix for CVE-2023-23969: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. https://www.djangoproject.com/weblog/2023/feb/01/security-releases |
Django | 2.2.28 | <3.2.23 , >=4.0a1,<4.1.13 , >=4.2a1,<4.2.7 |
show Django 4.2.7, 4.1.13 and 3.2.23 include a fix for CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows. https://www.djangoproject.com/weblog/2023/nov/01/security-releases |
Django | 2.2.28 | <3.2.19 , >=4.0a1,<4.1.9 , >=4.2a1,<4.2.1 |
show Django 4.2.1, 4.1.9 and 3.2.19 include a fix for CVE-2023-31047: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. https://www.djangoproject.com/weblog/2023/may/03/security-releases |
Django | 2.2.28 | <3.2.18 , >=4.0a1,<4.0.10 , >=4.1a1,<4.1.7 |
show Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Potential denial-of-service vulnerability in file uploads. https://www.djangoproject.com/weblog/2023/feb/14/security-releases |
Django | 2.2.28 | >=4.0a1,<4.1.10 , >=4.2a1,<4.2.3 , <3.2.20 |
show Affected versions of Django are vulnerable to a potential ReDoS (regular expression denial of service) in EmailValidator and URLValidator via a very large number of domain name labels of emails and URLs. |
Django | 2.2.28 | <3.2.25 , >=4.0a1,<4.2.11 , >=5.0a1,<5.0.3 |
show Affected versions of Django are vulnerable to potential regular expression denial-of-service (REDoS). django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE-2019-14232 and CVE-2023-43665). |
Django | 2.2.28 | <3.2.22 , >=4.0a1,<4.1.12 , >=4.2a1,<4.2.6 |
show Affected versions of Django are vulnerable to Denial-of-Service via django.utils.text.Truncator. The django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
Django | 2.2.28 | <3.2.21 , >=4.0a1,<4.1.11 , >=4.2a1,<4.2.5 |
show Affected versions of Django are vulnerable to potential Denial of Service via certain inputs with a very large number of Unicode characters in django.utils.encoding.uri_to_iri(). |
Django | 2.2.28 | <3.2.24 , >=4.0a1,<4.2.10 , >=5.0a1,<5.0.2 |
show Affected versions of Django are vulnerable to potential denial-of-service in intcomma template filter when used with very long strings. |
Django | 2.2.28 | <3.2.15 , >=4.0a1,<4.0.7 |
show Django 3.2.15 and 4.0.7 include a fix for CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. https://www.djangoproject.com/weblog/2022/aug/03/security-releases |
Package | Installed | Affected | Info |
---|---|---|---|
Django | 2.2.28 | <3.2.16 , >=4.0a1,<4.0.8 , >=4.1a1,<4.1.2 |
show In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
Django | 2.2.28 | <3.2.14 , >=4.0a1,<4.0.6 |
show Django 3.2.14 and 4.0.6 include a fix for CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. https://www.djangoproject.com/weblog/2022/jul/04/security-releases |
Django | 2.2.28 | <3.2.17 , >=4.0a1,<4.0.9 , >=4.1a1,<4.1.6 |
show Django 3.2.17, 4.0.9 and 4.1.6 includes a fix for CVE-2023-23969: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. https://www.djangoproject.com/weblog/2023/feb/01/security-releases |
Django | 2.2.28 | <3.2.23 , >=4.0a1,<4.1.13 , >=4.2a1,<4.2.7 |
show Django 4.2.7, 4.1.13 and 3.2.23 include a fix for CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows. https://www.djangoproject.com/weblog/2023/nov/01/security-releases |
Django | 2.2.28 | <3.2.19 , >=4.0a1,<4.1.9 , >=4.2a1,<4.2.1 |
show Django 4.2.1, 4.1.9 and 3.2.19 include a fix for CVE-2023-31047: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. https://www.djangoproject.com/weblog/2023/may/03/security-releases |
Django | 2.2.28 | <3.2.18 , >=4.0a1,<4.0.10 , >=4.1a1,<4.1.7 |
show Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Potential denial-of-service vulnerability in file uploads. https://www.djangoproject.com/weblog/2023/feb/14/security-releases |
Django | 2.2.28 | >=4.0a1,<4.1.10 , >=4.2a1,<4.2.3 , <3.2.20 |
show Affected versions of Django are vulnerable to a potential ReDoS (regular expression denial of service) in EmailValidator and URLValidator via a very large number of domain name labels of emails and URLs. |
Django | 2.2.28 | <3.2.25 , >=4.0a1,<4.2.11 , >=5.0a1,<5.0.3 |
show Affected versions of Django are vulnerable to potential regular expression denial-of-service (REDoS). django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE-2019-14232 and CVE-2023-43665). |
Django | 2.2.28 | <3.2.22 , >=4.0a1,<4.1.12 , >=4.2a1,<4.2.6 |
show Affected versions of Django are vulnerable to Denial-of-Service via django.utils.text.Truncator. The django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
Django | 2.2.28 | <3.2.21 , >=4.0a1,<4.1.11 , >=4.2a1,<4.2.5 |
show Affected versions of Django are vulnerable to potential Denial of Service via certain inputs with a very large number of Unicode characters in django.utils.encoding.uri_to_iri(). |
Django | 2.2.28 | <3.2.24 , >=4.0a1,<4.2.10 , >=5.0a1,<5.0.2 |
show Affected versions of Django are vulnerable to potential denial-of-service in intcomma template filter when used with very long strings. |
Django | 2.2.28 | <3.2.15 , >=4.0a1,<4.0.7 |
show Django 3.2.15 and 4.0.7 include a fix for CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. https://www.djangoproject.com/weblog/2022/aug/03/security-releases |
Package | Installed | Affected | Info |
---|---|---|---|
Django | 2.2.28 | <3.2.16 , >=4.0a1,<4.0.8 , >=4.1a1,<4.1.2 |
show In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
Django | 2.2.28 | <3.2.14 , >=4.0a1,<4.0.6 |
show Django 3.2.14 and 4.0.6 include a fix for CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. https://www.djangoproject.com/weblog/2022/jul/04/security-releases |
Django | 2.2.28 | <3.2.17 , >=4.0a1,<4.0.9 , >=4.1a1,<4.1.6 |
show Django 3.2.17, 4.0.9 and 4.1.6 includes a fix for CVE-2023-23969: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. https://www.djangoproject.com/weblog/2023/feb/01/security-releases |
Django | 2.2.28 | <3.2.23 , >=4.0a1,<4.1.13 , >=4.2a1,<4.2.7 |
show Django 4.2.7, 4.1.13 and 3.2.23 include a fix for CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows. https://www.djangoproject.com/weblog/2023/nov/01/security-releases |
Django | 2.2.28 | <3.2.19 , >=4.0a1,<4.1.9 , >=4.2a1,<4.2.1 |
show Django 4.2.1, 4.1.9 and 3.2.19 include a fix for CVE-2023-31047: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. https://www.djangoproject.com/weblog/2023/may/03/security-releases |
Django | 2.2.28 | <3.2.18 , >=4.0a1,<4.0.10 , >=4.1a1,<4.1.7 |
show Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Potential denial-of-service vulnerability in file uploads. https://www.djangoproject.com/weblog/2023/feb/14/security-releases |
Django | 2.2.28 | >=4.0a1,<4.1.10 , >=4.2a1,<4.2.3 , <3.2.20 |
show Affected versions of Django are vulnerable to a potential ReDoS (regular expression denial of service) in EmailValidator and URLValidator via a very large number of domain name labels of emails and URLs. |
Django | 2.2.28 | <3.2.25 , >=4.0a1,<4.2.11 , >=5.0a1,<5.0.3 |
show Affected versions of Django are vulnerable to potential regular expression denial-of-service (REDoS). django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE-2019-14232 and CVE-2023-43665). |
Django | 2.2.28 | <3.2.22 , >=4.0a1,<4.1.12 , >=4.2a1,<4.2.6 |
show Affected versions of Django are vulnerable to Denial-of-Service via django.utils.text.Truncator. The django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
Django | 2.2.28 | <3.2.21 , >=4.0a1,<4.1.11 , >=4.2a1,<4.2.5 |
show Affected versions of Django are vulnerable to potential Denial of Service via certain inputs with a very large number of Unicode characters in django.utils.encoding.uri_to_iri(). |
Django | 2.2.28 | <3.2.24 , >=4.0a1,<4.2.10 , >=5.0a1,<5.0.2 |
show Affected versions of Django are vulnerable to potential denial-of-service in intcomma template filter when used with very long strings. |
Django | 2.2.28 | <3.2.15 , >=4.0a1,<4.0.7 |
show Django 3.2.15 and 4.0.7 include a fix for CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. https://www.djangoproject.com/weblog/2022/aug/03/security-releases |
Package | Installed | Affected | Info |
---|---|---|---|
Django | 2.2.28 | <3.2.16 , >=4.0a1,<4.0.8 , >=4.1a1,<4.1.2 |
show In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
Django | 2.2.28 | <3.2.14 , >=4.0a1,<4.0.6 |
show Django 3.2.14 and 4.0.6 include a fix for CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. https://www.djangoproject.com/weblog/2022/jul/04/security-releases |
Django | 2.2.28 | <3.2.17 , >=4.0a1,<4.0.9 , >=4.1a1,<4.1.6 |
show Django 3.2.17, 4.0.9 and 4.1.6 includes a fix for CVE-2023-23969: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. https://www.djangoproject.com/weblog/2023/feb/01/security-releases |
Django | 2.2.28 | <3.2.23 , >=4.0a1,<4.1.13 , >=4.2a1,<4.2.7 |
show Django 4.2.7, 4.1.13 and 3.2.23 include a fix for CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows. https://www.djangoproject.com/weblog/2023/nov/01/security-releases |
Django | 2.2.28 | <3.2.19 , >=4.0a1,<4.1.9 , >=4.2a1,<4.2.1 |
show Django 4.2.1, 4.1.9 and 3.2.19 include a fix for CVE-2023-31047: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. https://www.djangoproject.com/weblog/2023/may/03/security-releases |
Django | 2.2.28 | <3.2.18 , >=4.0a1,<4.0.10 , >=4.1a1,<4.1.7 |
show Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Potential denial-of-service vulnerability in file uploads. https://www.djangoproject.com/weblog/2023/feb/14/security-releases |
Django | 2.2.28 | >=4.0a1,<4.1.10 , >=4.2a1,<4.2.3 , <3.2.20 |
show Affected versions of Django are vulnerable to a potential ReDoS (regular expression denial of service) in EmailValidator and URLValidator via a very large number of domain name labels of emails and URLs. |
Django | 2.2.28 | <3.2.25 , >=4.0a1,<4.2.11 , >=5.0a1,<5.0.3 |
show Affected versions of Django are vulnerable to potential regular expression denial-of-service (REDoS). django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE-2019-14232 and CVE-2023-43665). |
Django | 2.2.28 | <3.2.22 , >=4.0a1,<4.1.12 , >=4.2a1,<4.2.6 |
show Affected versions of Django are vulnerable to Denial-of-Service via django.utils.text.Truncator. The django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
Django | 2.2.28 | <3.2.21 , >=4.0a1,<4.1.11 , >=4.2a1,<4.2.5 |
show Affected versions of Django are vulnerable to potential Denial of Service via certain inputs with a very large number of Unicode characters in django.utils.encoding.uri_to_iri(). |
Django | 2.2.28 | <3.2.24 , >=4.0a1,<4.2.10 , >=5.0a1,<5.0.2 |
show Affected versions of Django are vulnerable to potential denial-of-service in intcomma template filter when used with very long strings. |
Django | 2.2.28 | <3.2.15 , >=4.0a1,<4.0.7 |
show Django 3.2.15 and 4.0.7 include a fix for CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. https://www.djangoproject.com/weblog/2022/aug/03/security-releases |
Package | Installed | Affected | Info |
---|---|---|---|
Django | 2.2.28 | <3.2.16 , >=4.0a1,<4.0.8 , >=4.1a1,<4.1.2 |
show In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
Django | 2.2.28 | <3.2.14 , >=4.0a1,<4.0.6 |
show Django 3.2.14 and 4.0.6 include a fix for CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. https://www.djangoproject.com/weblog/2022/jul/04/security-releases |
Django | 2.2.28 | <3.2.17 , >=4.0a1,<4.0.9 , >=4.1a1,<4.1.6 |
show Django 3.2.17, 4.0.9 and 4.1.6 includes a fix for CVE-2023-23969: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. https://www.djangoproject.com/weblog/2023/feb/01/security-releases |
Django | 2.2.28 | <3.2.23 , >=4.0a1,<4.1.13 , >=4.2a1,<4.2.7 |
show Django 4.2.7, 4.1.13 and 3.2.23 include a fix for CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows. https://www.djangoproject.com/weblog/2023/nov/01/security-releases |
Django | 2.2.28 | <3.2.19 , >=4.0a1,<4.1.9 , >=4.2a1,<4.2.1 |
show Django 4.2.1, 4.1.9 and 3.2.19 include a fix for CVE-2023-31047: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. https://www.djangoproject.com/weblog/2023/may/03/security-releases |
Django | 2.2.28 | <3.2.18 , >=4.0a1,<4.0.10 , >=4.1a1,<4.1.7 |
show Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Potential denial-of-service vulnerability in file uploads. https://www.djangoproject.com/weblog/2023/feb/14/security-releases |
Django | 2.2.28 | >=4.0a1,<4.1.10 , >=4.2a1,<4.2.3 , <3.2.20 |
show Affected versions of Django are vulnerable to a potential ReDoS (regular expression denial of service) in EmailValidator and URLValidator via a very large number of domain name labels of emails and URLs. |
Django | 2.2.28 | <3.2.25 , >=4.0a1,<4.2.11 , >=5.0a1,<5.0.3 |
show Affected versions of Django are vulnerable to potential regular expression denial-of-service (REDoS). django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE-2019-14232 and CVE-2023-43665). |
Django | 2.2.28 | <3.2.22 , >=4.0a1,<4.1.12 , >=4.2a1,<4.2.6 |
show Affected versions of Django are vulnerable to Denial-of-Service via django.utils.text.Truncator. The django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
Django | 2.2.28 | <3.2.21 , >=4.0a1,<4.1.11 , >=4.2a1,<4.2.5 |
show Affected versions of Django are vulnerable to potential Denial of Service via certain inputs with a very large number of Unicode characters in django.utils.encoding.uri_to_iri(). |
Django | 2.2.28 | <3.2.24 , >=4.0a1,<4.2.10 , >=5.0a1,<5.0.2 |
show Affected versions of Django are vulnerable to potential denial-of-service in intcomma template filter when used with very long strings. |
Django | 2.2.28 | <3.2.15 , >=4.0a1,<4.0.7 |
show Django 3.2.15 and 4.0.7 include a fix for CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. https://www.djangoproject.com/weblog/2022/aug/03/security-releases |
https://pyup.io/repos/github/chrisspen/django-database-files-3000/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/chrisspen/django-database-files-3000/python-3-shield.svg)](https://pyup.io/repos/github/chrisspen/django-database-files-3000/)
.. image:: https://pyup.io/repos/github/chrisspen/django-database-files-3000/python-3-shield.svg :target: https://pyup.io/repos/github/chrisspen/django-database-files-3000/ :alt: Python 3
<a href="https://pyup.io/repos/github/chrisspen/django-database-files-3000/"><img src="https://pyup.io/repos/github/chrisspen/django-database-files-3000/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/chrisspen/django-database-files-3000/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/chrisspen/django-database-files-3000/
{<img src="https://pyup.io/repos/github/chrisspen/django-database-files-3000/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/chrisspen/django-database-files-3000/]
https://pyup.io/repos/github/chrisspen/django-database-files-3000/shield.svg
[![Updates](https://pyup.io/repos/github/chrisspen/django-database-files-3000/shield.svg)](https://pyup.io/repos/github/chrisspen/django-database-files-3000/)
.. image:: https://pyup.io/repos/github/chrisspen/django-database-files-3000/shield.svg :target: https://pyup.io/repos/github/chrisspen/django-database-files-3000/ :alt: Updates
<a href="https://pyup.io/repos/github/chrisspen/django-database-files-3000/"><img src="https://pyup.io/repos/github/chrisspen/django-database-files-3000/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/chrisspen/django-database-files-3000/shield.svg(Updates)!:https://pyup.io/repos/github/chrisspen/django-database-files-3000/
{<img src="https://pyup.io/repos/github/chrisspen/django-database-files-3000/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/chrisspen/django-database-files-3000/]