pyup-update-boto3-1.35.80-to-1.38.31
1 month ago
Update boto3 from 1.35.80 to 1.38.31
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-botocore-1.35.80-to-1.38.30
1 month ago
Update botocore from 1.35.80 to 1.38.30
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-boto3-1.35.80-to-1.38.30
1 month ago
Update boto3 from 1.35.80 to 1.38.30
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-django-5.1.4-to-5.2.2
1 month ago
Update django from 5.1.4 to 5.2.2
No dependencies with known security vulnerabilities.
pyup-update-pytest-8.3.4-to-8.4.0
1 month ago
Update pytest from 8.3.4 to 8.4.0
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-botocore-1.35.80-to-1.38.29
1 month ago
Update botocore from 1.35.80 to 1.38.29
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-boto3-1.35.80-to-1.38.29
1 month ago
Update boto3 from 1.35.80 to 1.38.29
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-botocore-1.35.80-to-1.38.28
1 month, 1 week ago
Update botocore from 1.35.80 to 1.38.28
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-boto3-1.35.80-to-1.38.28
1 month, 1 week ago
Update boto3 from 1.35.80 to 1.38.28
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-typing-extensions-4.12.2-to-4.14.0
1 month, 1 week ago
Update typing-extensions from 4.12.2 to 4.14.0
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-dj-database-url-2.3.0-to-3.0.0
1 month, 1 week ago
Update dj-database-url from 2.3.0 to 3.0.0
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-botocore-1.35.80-to-1.38.27
1 month, 1 week ago
Update botocore from 1.35.80 to 1.38.27
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-boto3-1.35.80-to-1.38.27
1 month, 1 week ago
Update boto3 from 1.35.80 to 1.38.27
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-botocore-1.35.80-to-1.38.25
1 month, 1 week ago
Update botocore from 1.35.80 to 1.38.25
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
pyup-update-boto3-1.35.80-to-1.38.25
1 month, 1 week ago
Update boto3 from 1.35.80 to 1.38.25
django 5.1.4 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| django | 5.1.4 | >=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22 |
show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| django | 5.1.4 | >=5.0,<5.0.14 , >=5.1,<5.1.8 |
show An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| django | 5.1.4 | >=5.2.0,<5.2.1 , >=5.1.0,<5.1.9 , <4.2.21 |
show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| django | 5.1.4 | <4.2.20 , >=5.0a1,<5.0.13 , >=5.1a1,<5.1.7 |
show Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings. |
| django | 5.1.4 | <4.2.18 , >=5.0.0,<5.0.11 , >=5.1.0,<5.1.5 |
show Affected versions of Django are vulnerable to a potential denial-of-service attack due to improper IPv6 validation. The lack of upper limit enforcement for input strings in clean_ipv6_address, is_valid_ipv6_address, and the django.forms.GenericIPAddressField form field allowed attackers to exploit overly long inputs, causing resource exhaustion. The vulnerability is addressed by defining a max_length of 39 characters for affected form fields. The django.db.models.GenericIPAddressField model field was not impacted. Users should upgrade promptly. |
Python 3 badge
URL
https://pyup.io/repos/github/wherculano/curso-django/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/wherculano/curso-django/)
Restructured Text
.. image:: https://pyup.io/repos/github/wherculano/curso-django/python-3-shield.svg
:target: https://pyup.io/repos/github/wherculano/curso-django/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/wherculano/curso-django/"><img src="https://pyup.io/repos/github/wherculano/curso-django/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/wherculano/curso-django/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/wherculano/curso-django/
RDoc
{<img src="https://pyup.io/repos/github/wherculano/curso-django/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/wherculano/curso-django/]
pyup.io badge
URL
https://pyup.io/repos/github/wherculano/curso-django/shield.svg
Markdown
[](https://pyup.io/repos/github/wherculano/curso-django/)
Restructured Text
.. image:: https://pyup.io/repos/github/wherculano/curso-django/shield.svg
:target: https://pyup.io/repos/github/wherculano/curso-django/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/wherculano/curso-django/"><img src="https://pyup.io/repos/github/wherculano/curso-django/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/wherculano/curso-django/shield.svg(Updates)!:https://pyup.io/repos/github/wherculano/curso-django/
RDoc
{<img src="https://pyup.io/repos/github/wherculano/curso-django/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/wherculano/curso-django/]