Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@3.2.19
Typepypi
Namespace
Namedjango
Version3.2.19
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.2.25
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-am3f-c5ex-8ff2
vulnerability_id VCID-am3f-c5ex-8ff2
summary An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
reference_id
reference_type
scores
url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
4
reference_url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
reference_id
reference_type
scores
url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
5
reference_url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
reference_id
reference_type
scores
url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://security.netapp.com/advisory/ntap-20231214-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0001
10
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
11
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
reference_id CVE-2023-46695
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
13
reference_url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
reference_id GHSA-qmf9-6jqf-j8fq
reference_type
scores
url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
fixed_packages
0
url pkg:pypi/django@3.2.23
purl pkg:pypi/django@3.2.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsaw-3ta1-x3dw
1
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.23
1
url pkg:pypi/django@4.1.13
purl pkg:pypi/django@4.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13
2
url pkg:pypi/django@4.2.7
purl pkg:pypi/django@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-fsaw-3ta1-x3dw
11
vulnerability VCID-ga69-9y5g-77c3
12
vulnerability VCID-ga7z-wj4j-63h1
13
vulnerability VCID-hsjn-xnpp-5yeh
14
vulnerability VCID-jgv9-vdbm-sycd
15
vulnerability VCID-jybd-p65h-xffy
16
vulnerability VCID-kxdd-yzp3-r7cb
17
vulnerability VCID-pa7y-gpwp-6qgj
18
vulnerability VCID-phkp-9abp-f3dq
19
vulnerability VCID-qy1a-x3ff-4bc8
20
vulnerability VCID-r1vx-vv7d-gqaj
21
vulnerability VCID-rqqc-ta7c-ykgx
22
vulnerability VCID-s1rj-1xbw-fbg5
23
vulnerability VCID-shch-yusm-1uck
24
vulnerability VCID-shjc-2j68-2yfy
25
vulnerability VCID-tktt-vg92-6kae
26
vulnerability VCID-tuqc-c251-h7ds
27
vulnerability VCID-ud73-4t2c-n3at
28
vulnerability VCID-vgq9-s6th-yufg
29
vulnerability VCID-wa3g-27sx-mbcw
30
vulnerability VCID-whgc-pt2s-77ar
31
vulnerability VCID-xcmd-18ck-gqae
32
vulnerability VCID-ynt9-h6ww-h7e9
33
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7
aliases CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am3f-c5ex-8ff2
1
url VCID-f4a7-tcz5-byfj
vulnerability_id VCID-f4a7-tcz5-byfj
summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
references
0
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
4
reference_url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
5
reference_url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
6
reference_url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
10
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
17
reference_url https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5465
18
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
19
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id CVE-2023-36053
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
21
reference_url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id GHSA-jh3w-4vvf-mjgr
reference_type
scores
url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
fixed_packages
0
url pkg:pypi/django@3.2.20
purl pkg:pypi/django@3.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-fsaw-3ta1-x3dw
2
vulnerability VCID-m33h-4p9q-63fb
3
vulnerability VCID-qgp1-4efd-6yg6
4
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.20
1
url pkg:pypi/django@4.1.10
purl pkg:pypi/django@4.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-m33h-4p9q-63fb
2
vulnerability VCID-qgp1-4efd-6yg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10
2
url pkg:pypi/django@4.2.3
purl pkg:pypi/django@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-am3f-c5ex-8ff2
7
vulnerability VCID-bb8b-hq41-s7a6
8
vulnerability VCID-e12b-tw2c-53c9
9
vulnerability VCID-e8j6-mybr-17fh
10
vulnerability VCID-fcg9-xypn-ykhf
11
vulnerability VCID-fsaw-3ta1-x3dw
12
vulnerability VCID-ga69-9y5g-77c3
13
vulnerability VCID-ga7z-wj4j-63h1
14
vulnerability VCID-hsjn-xnpp-5yeh
15
vulnerability VCID-jgv9-vdbm-sycd
16
vulnerability VCID-jybd-p65h-xffy
17
vulnerability VCID-kxdd-yzp3-r7cb
18
vulnerability VCID-m33h-4p9q-63fb
19
vulnerability VCID-pa7y-gpwp-6qgj
20
vulnerability VCID-phkp-9abp-f3dq
21
vulnerability VCID-qgp1-4efd-6yg6
22
vulnerability VCID-qy1a-x3ff-4bc8
23
vulnerability VCID-r1vx-vv7d-gqaj
24
vulnerability VCID-rqqc-ta7c-ykgx
25
vulnerability VCID-s1rj-1xbw-fbg5
26
vulnerability VCID-shch-yusm-1uck
27
vulnerability VCID-shjc-2j68-2yfy
28
vulnerability VCID-tktt-vg92-6kae
29
vulnerability VCID-tuqc-c251-h7ds
30
vulnerability VCID-ud73-4t2c-n3at
31
vulnerability VCID-vgq9-s6th-yufg
32
vulnerability VCID-wa3g-27sx-mbcw
33
vulnerability VCID-whgc-pt2s-77ar
34
vulnerability VCID-xcmd-18ck-gqae
35
vulnerability VCID-ynt9-h6ww-h7e9
36
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3
aliases CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4a7-tcz5-byfj
2
url VCID-fsaw-3ta1-x3dw
vulnerability_id VCID-fsaw-3ta1-x3dw
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
4
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
5
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
13
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id CVE-2024-27351
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
15
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
fixed_packages
0
url pkg:pypi/django@3.2.25
purl pkg:pypi/django@3.2.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25
1
url pkg:pypi/django@4.2.11
purl pkg:pypi/django@4.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-ga69-9y5g-77c3
11
vulnerability VCID-ga7z-wj4j-63h1
12
vulnerability VCID-hsjn-xnpp-5yeh
13
vulnerability VCID-jgv9-vdbm-sycd
14
vulnerability VCID-jybd-p65h-xffy
15
vulnerability VCID-kxdd-yzp3-r7cb
16
vulnerability VCID-pa7y-gpwp-6qgj
17
vulnerability VCID-phkp-9abp-f3dq
18
vulnerability VCID-qy1a-x3ff-4bc8
19
vulnerability VCID-r1vx-vv7d-gqaj
20
vulnerability VCID-rqqc-ta7c-ykgx
21
vulnerability VCID-s1rj-1xbw-fbg5
22
vulnerability VCID-shch-yusm-1uck
23
vulnerability VCID-shjc-2j68-2yfy
24
vulnerability VCID-tktt-vg92-6kae
25
vulnerability VCID-tuqc-c251-h7ds
26
vulnerability VCID-ud73-4t2c-n3at
27
vulnerability VCID-vgq9-s6th-yufg
28
vulnerability VCID-wa3g-27sx-mbcw
29
vulnerability VCID-whgc-pt2s-77ar
30
vulnerability VCID-xcmd-18ck-gqae
31
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11
2
url pkg:pypi/django@5.0.3
purl pkg:pypi/django@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-hsjn-xnpp-5yeh
5
vulnerability VCID-jgv9-vdbm-sycd
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-rqqc-ta7c-ykgx
10
vulnerability VCID-s1rj-1xbw-fbg5
11
vulnerability VCID-ud73-4t2c-n3at
12
vulnerability VCID-vgq9-s6th-yufg
13
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3
aliases CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw
3
url VCID-m33h-4p9q-63fb
vulnerability_id VCID-m33h-4p9q-63fb
summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
references
0
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
4
reference_url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
5
reference_url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
13
reference_url https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231221-0001
14
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
15
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id CVE-2023-43665
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
17
reference_url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id GHSA-h8gc-pgj2-vjm3
reference_type
scores
url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
fixed_packages
0
url pkg:pypi/django@3.2.22
purl pkg:pypi/django@3.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-fsaw-3ta1-x3dw
2
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.22
1
url pkg:pypi/django@4.1.12
purl pkg:pypi/django@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12
2
url pkg:pypi/django@4.2.6
purl pkg:pypi/django@4.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-am3f-c5ex-8ff2
7
vulnerability VCID-bb8b-hq41-s7a6
8
vulnerability VCID-e12b-tw2c-53c9
9
vulnerability VCID-e8j6-mybr-17fh
10
vulnerability VCID-fcg9-xypn-ykhf
11
vulnerability VCID-fsaw-3ta1-x3dw
12
vulnerability VCID-ga69-9y5g-77c3
13
vulnerability VCID-ga7z-wj4j-63h1
14
vulnerability VCID-hsjn-xnpp-5yeh
15
vulnerability VCID-jgv9-vdbm-sycd
16
vulnerability VCID-jybd-p65h-xffy
17
vulnerability VCID-kxdd-yzp3-r7cb
18
vulnerability VCID-pa7y-gpwp-6qgj
19
vulnerability VCID-phkp-9abp-f3dq
20
vulnerability VCID-qy1a-x3ff-4bc8
21
vulnerability VCID-r1vx-vv7d-gqaj
22
vulnerability VCID-rqqc-ta7c-ykgx
23
vulnerability VCID-s1rj-1xbw-fbg5
24
vulnerability VCID-shch-yusm-1uck
25
vulnerability VCID-shjc-2j68-2yfy
26
vulnerability VCID-tktt-vg92-6kae
27
vulnerability VCID-tuqc-c251-h7ds
28
vulnerability VCID-ud73-4t2c-n3at
29
vulnerability VCID-vgq9-s6th-yufg
30
vulnerability VCID-wa3g-27sx-mbcw
31
vulnerability VCID-whgc-pt2s-77ar
32
vulnerability VCID-xcmd-18ck-gqae
33
vulnerability VCID-ynt9-h6ww-h7e9
34
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6
aliases CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m33h-4p9q-63fb
4
url VCID-qgp1-4efd-6yg6
vulnerability_id VCID-qgp1-4efd-6yg6
summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
4
reference_url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
5
reference_url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
13
reference_url https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0002
14
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
15
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id CVE-2023-41164
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
17
reference_url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id GHSA-7h4p-27mh-hmrw
reference_type
scores
url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
fixed_packages
0
url pkg:pypi/django@3.2.21
purl pkg:pypi/django@3.2.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-fsaw-3ta1-x3dw
2
vulnerability VCID-m33h-4p9q-63fb
3
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.21
1
url pkg:pypi/django@4.1.11
purl pkg:pypi/django@4.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-m33h-4p9q-63fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11
2
url pkg:pypi/django@4.2.5
purl pkg:pypi/django@4.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-am3f-c5ex-8ff2
7
vulnerability VCID-bb8b-hq41-s7a6
8
vulnerability VCID-e12b-tw2c-53c9
9
vulnerability VCID-e8j6-mybr-17fh
10
vulnerability VCID-fcg9-xypn-ykhf
11
vulnerability VCID-fsaw-3ta1-x3dw
12
vulnerability VCID-ga69-9y5g-77c3
13
vulnerability VCID-ga7z-wj4j-63h1
14
vulnerability VCID-hsjn-xnpp-5yeh
15
vulnerability VCID-jgv9-vdbm-sycd
16
vulnerability VCID-jybd-p65h-xffy
17
vulnerability VCID-kxdd-yzp3-r7cb
18
vulnerability VCID-m33h-4p9q-63fb
19
vulnerability VCID-pa7y-gpwp-6qgj
20
vulnerability VCID-phkp-9abp-f3dq
21
vulnerability VCID-qy1a-x3ff-4bc8
22
vulnerability VCID-r1vx-vv7d-gqaj
23
vulnerability VCID-rqqc-ta7c-ykgx
24
vulnerability VCID-s1rj-1xbw-fbg5
25
vulnerability VCID-shch-yusm-1uck
26
vulnerability VCID-shjc-2j68-2yfy
27
vulnerability VCID-tktt-vg92-6kae
28
vulnerability VCID-tuqc-c251-h7ds
29
vulnerability VCID-ud73-4t2c-n3at
30
vulnerability VCID-vgq9-s6th-yufg
31
vulnerability VCID-wa3g-27sx-mbcw
32
vulnerability VCID-whgc-pt2s-77ar
33
vulnerability VCID-xcmd-18ck-gqae
34
vulnerability VCID-ynt9-h6ww-h7e9
35
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5
aliases CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgp1-4efd-6yg6
5
url VCID-yuda-1mur-8bbq
vulnerability_id VCID-yuda-1mur-8bbq
summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
4
reference_url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
5
reference_url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
6
reference_url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
13
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
14
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id CVE-2024-24680
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
16
reference_url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
reference_id GHSA-xxj9-f6rv-m3x4
reference_type
scores
url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
fixed_packages
0
url pkg:pypi/django@3.2.24
purl pkg:pypi/django@3.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsaw-3ta1-x3dw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24
1
url pkg:pypi/django@4.2.10
purl pkg:pypi/django@4.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-fsaw-3ta1-x3dw
11
vulnerability VCID-ga69-9y5g-77c3
12
vulnerability VCID-ga7z-wj4j-63h1
13
vulnerability VCID-hsjn-xnpp-5yeh
14
vulnerability VCID-jgv9-vdbm-sycd
15
vulnerability VCID-jybd-p65h-xffy
16
vulnerability VCID-kxdd-yzp3-r7cb
17
vulnerability VCID-pa7y-gpwp-6qgj
18
vulnerability VCID-phkp-9abp-f3dq
19
vulnerability VCID-qy1a-x3ff-4bc8
20
vulnerability VCID-r1vx-vv7d-gqaj
21
vulnerability VCID-rqqc-ta7c-ykgx
22
vulnerability VCID-s1rj-1xbw-fbg5
23
vulnerability VCID-shch-yusm-1uck
24
vulnerability VCID-shjc-2j68-2yfy
25
vulnerability VCID-tktt-vg92-6kae
26
vulnerability VCID-tuqc-c251-h7ds
27
vulnerability VCID-ud73-4t2c-n3at
28
vulnerability VCID-vgq9-s6th-yufg
29
vulnerability VCID-wa3g-27sx-mbcw
30
vulnerability VCID-whgc-pt2s-77ar
31
vulnerability VCID-xcmd-18ck-gqae
32
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10
2
url pkg:pypi/django@5.0.2
purl pkg:pypi/django@5.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-fsaw-3ta1-x3dw
5
vulnerability VCID-hsjn-xnpp-5yeh
6
vulnerability VCID-jgv9-vdbm-sycd
7
vulnerability VCID-pa7y-gpwp-6qgj
8
vulnerability VCID-qw15-2kq7-wqed
9
vulnerability VCID-qy1a-x3ff-4bc8
10
vulnerability VCID-rqqc-ta7c-ykgx
11
vulnerability VCID-s1rj-1xbw-fbg5
12
vulnerability VCID-ud73-4t2c-n3at
13
vulnerability VCID-vgq9-s6th-yufg
14
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2
aliases CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq
Fixing_vulnerabilities
0
url VCID-z6tf-z1y9-cydq
vulnerability_id VCID-z6tf-z1y9-cydq
summary In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
references
0
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security
1
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
reference_id
reference_type
scores
url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
4
reference_url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
reference_id
reference_type
scores
url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
5
reference_url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
reference_id
reference_type
scores
url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
7
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
11
reference_url https://security.netapp.com/advisory/ntap-20230609-0008
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230609-0008
12
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases
13
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
reference_id CVE-2023-31047
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
15
reference_url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
reference_id GHSA-r3xc-prgr-mg9p
reference_type
scores
url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
fixed_packages
0
url pkg:pypi/django@3.2.19
purl pkg:pypi/django@3.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-f4a7-tcz5-byfj
2
vulnerability VCID-fsaw-3ta1-x3dw
3
vulnerability VCID-m33h-4p9q-63fb
4
vulnerability VCID-qgp1-4efd-6yg6
5
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.19
1
url pkg:pypi/django@4.1.9
purl pkg:pypi/django@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-am3f-c5ex-8ff2
1
vulnerability VCID-f4a7-tcz5-byfj
2
vulnerability VCID-m33h-4p9q-63fb
3
vulnerability VCID-qgp1-4efd-6yg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9
2
url pkg:pypi/django@4.2.1
purl pkg:pypi/django@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-am3f-c5ex-8ff2
7
vulnerability VCID-bb8b-hq41-s7a6
8
vulnerability VCID-e12b-tw2c-53c9
9
vulnerability VCID-e8j6-mybr-17fh
10
vulnerability VCID-f4a7-tcz5-byfj
11
vulnerability VCID-fcg9-xypn-ykhf
12
vulnerability VCID-fsaw-3ta1-x3dw
13
vulnerability VCID-ga69-9y5g-77c3
14
vulnerability VCID-ga7z-wj4j-63h1
15
vulnerability VCID-hsjn-xnpp-5yeh
16
vulnerability VCID-jgv9-vdbm-sycd
17
vulnerability VCID-jybd-p65h-xffy
18
vulnerability VCID-kxdd-yzp3-r7cb
19
vulnerability VCID-m33h-4p9q-63fb
20
vulnerability VCID-pa7y-gpwp-6qgj
21
vulnerability VCID-phkp-9abp-f3dq
22
vulnerability VCID-qgp1-4efd-6yg6
23
vulnerability VCID-qy1a-x3ff-4bc8
24
vulnerability VCID-r1vx-vv7d-gqaj
25
vulnerability VCID-rqqc-ta7c-ykgx
26
vulnerability VCID-s1rj-1xbw-fbg5
27
vulnerability VCID-shch-yusm-1uck
28
vulnerability VCID-shjc-2j68-2yfy
29
vulnerability VCID-tktt-vg92-6kae
30
vulnerability VCID-tuqc-c251-h7ds
31
vulnerability VCID-ud73-4t2c-n3at
32
vulnerability VCID-vgq9-s6th-yufg
33
vulnerability VCID-wa3g-27sx-mbcw
34
vulnerability VCID-whgc-pt2s-77ar
35
vulnerability VCID-xcmd-18ck-gqae
36
vulnerability VCID-ynt9-h6ww-h7e9
37
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1
aliases CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tf-z1y9-cydq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.19