master
8 months, 3 weeks ago
![@dependabot[bot]](https://avatars3.githubusercontent.com/u/861044?v=3&s=32){kind=small}
Bump python from 3.12.7 to 3.12.8 in docs Docker image (#5573)
No dependencies with known security vulnerabilities.
master
8 months, 3 weeks ago
Update hiredis to 3.1.0 (#5571)
No dependencies with known security vulnerabilities.
master
8 months, 3 weeks ago
Update redis to 5.2.1 (#5580)
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
No dependencies with known security vulnerabilities.
master
8 months, 3 weeks ago
Merge pull request #5572 from cookiecutter/pyup-update-django-5.0.9-to-5.0.10
Update django to 5.0.
No dependencies with known security vulnerabilities.
pyup-update-ruff-0.8.1-to-0.8.2
8 months, 3 weeks ago
Update ruff pre-commit hook (#5578)
Auto-update pre-commit hooks
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
pyup-update-coverage-7.6.8-to-7.6.9
8 months, 3 weeks ago
Merge branch 'master' into pyup-update-coverage-7.6.8-to-7.6.9
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
pyup-update-redis-5.2.0-to-5.2.1
8 months, 3 weeks ago
Merge branch 'master' into pyup-update-redis-5.2.0-to-5.2.1
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
pyup-update-sentry-sdk-2.19.0-to-2.19.2
8 months, 3 weeks ago
Merge branch 'master' into pyup-update-sentry-sdk-2.19.0-to-2.19.2
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
pyup-update-ruff-0.8.1-to-0.8.2
8 months, 3 weeks ago
Merge branch 'master' into pyup-update-ruff-0.8.1-to-0.8.2
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
dependabot/docker/{{cookiecutter.project_slug}}/compose/production/django/python-3.12.8-slim-bookwor
8 months, 3 weeks ago
Merge branch 'master' into dependabot/docker/{{cookiecutter.project_slug}}/compose/production/django
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
dependabot/docker/{{cookiecutter.project_slug}}/compose/local/django/python-3.12.8-slim-bookworm
8 months, 3 weeks ago
Merge branch 'master' into dependabot/docker/{{cookiecutter.project_slug}}/compose/local/django/pyth
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
dependabot/docker/{{cookiecutter.project_slug}}/compose/local/docs/python-3.12.8-slim-bookworm
8 months, 3 weeks ago
Merge branch 'master' into dependabot/docker/{{cookiecutter.project_slug}}/compose/local/docs/python
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
pyup-update-hiredis-3.0.0-to-3.1.0
8 months, 3 weeks ago
Merge branch 'master' into pyup-update-hiredis-3.0.0-to-3.1.0
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
pyup-update-django-5.0.9-to-5.0.10
8 months, 3 weeks ago
Merge branch 'master' into pyup-update-django-5.0.9-to-5.0.10
No dependencies with known security vulnerabilities.
master
8 months, 3 weeks ago
Update drf-spectacular to 0.28.0 (#5564)
django 5.0.9 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.0.9 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.0.9 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.0.9 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Django affected versions are vulnerable to a potential SQL injection in the HasKey(lhs, rhs) lookup on Oracle databases. The vulnerability arises when untrusted data is directly used as the lhs value in the django.db.models.fields.json.HasKey lookup. However, applications using the jsonfield.has_key lookup with the __ syntax remain unaffected by this issue. |
| django | 5.0.9 | <4.2.17 , >=5.0a1,<5.0.10 , >=5.1a1,<5.1.4 |
show Affected versions of Django are vulnerable to a potential denial-of-service (DoS) attack in the `django.utils.html.strip_tags()` method. The vulnerability occurs when the `strip_tags()` method or the `striptags` template filter processes inputs containing large sequences of nested, incomplete HTML entities. |
| django | 5.0.9 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
Python 3 badge
URL
https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/)
Restructured Text
.. image:: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg
:target: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/"><img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
RDoc
{<img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/cookiecutter/cookiecutter-django/]
pyup.io badge
URL
https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg
Markdown
[](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/)
Restructured Text
.. image:: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg
:target: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/"><img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg(Updates)!:https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
RDoc
{<img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/cookiecutter/cookiecutter-django/]