Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@3.2.24
Typepypi
Namespace
Namedjango
Version3.2.24
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.2.25
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-fsaw-3ta1-x3dw
vulnerability_id VCID-fsaw-3ta1-x3dw
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
4
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
5
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
7
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
13
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id CVE-2024-27351
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
15
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
fixed_packages
0
url pkg:pypi/django@3.2.25
purl pkg:pypi/django@3.2.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.25
1
url pkg:pypi/django@4.2.11
purl pkg:pypi/django@4.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-ga69-9y5g-77c3
11
vulnerability VCID-ga7z-wj4j-63h1
12
vulnerability VCID-hsjn-xnpp-5yeh
13
vulnerability VCID-jgv9-vdbm-sycd
14
vulnerability VCID-jybd-p65h-xffy
15
vulnerability VCID-kxdd-yzp3-r7cb
16
vulnerability VCID-pa7y-gpwp-6qgj
17
vulnerability VCID-phkp-9abp-f3dq
18
vulnerability VCID-qy1a-x3ff-4bc8
19
vulnerability VCID-r1vx-vv7d-gqaj
20
vulnerability VCID-rqqc-ta7c-ykgx
21
vulnerability VCID-s1rj-1xbw-fbg5
22
vulnerability VCID-shch-yusm-1uck
23
vulnerability VCID-shjc-2j68-2yfy
24
vulnerability VCID-tktt-vg92-6kae
25
vulnerability VCID-tuqc-c251-h7ds
26
vulnerability VCID-ud73-4t2c-n3at
27
vulnerability VCID-vgq9-s6th-yufg
28
vulnerability VCID-wa3g-27sx-mbcw
29
vulnerability VCID-whgc-pt2s-77ar
30
vulnerability VCID-xcmd-18ck-gqae
31
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11
2
url pkg:pypi/django@5.0.3
purl pkg:pypi/django@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-hsjn-xnpp-5yeh
5
vulnerability VCID-jgv9-vdbm-sycd
6
vulnerability VCID-pa7y-gpwp-6qgj
7
vulnerability VCID-qw15-2kq7-wqed
8
vulnerability VCID-qy1a-x3ff-4bc8
9
vulnerability VCID-rqqc-ta7c-ykgx
10
vulnerability VCID-s1rj-1xbw-fbg5
11
vulnerability VCID-ud73-4t2c-n3at
12
vulnerability VCID-vgq9-s6th-yufg
13
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3
aliases CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw
Fixing_vulnerabilities
0
url VCID-yuda-1mur-8bbq
vulnerability_id VCID-yuda-1mur-8bbq
summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security
1
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/5.0/releases/security/
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
4
reference_url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
5
reference_url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
6
reference_url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
8
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/django-announce
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
13
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
14
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id CVE-2024-24680
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
16
reference_url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
reference_id GHSA-xxj9-f6rv-m3x4
reference_type
scores
url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
fixed_packages
0
url pkg:pypi/django@3.2.24
purl pkg:pypi/django@3.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsaw-3ta1-x3dw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24
1
url pkg:pypi/django@4.2.10
purl pkg:pypi/django@4.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-4kcg-gx5y-cuaw
2
vulnerability VCID-5xtt-au84-zbb2
3
vulnerability VCID-7c5n-nzwk-v7bz
4
vulnerability VCID-9gq3-whr8-s7b8
5
vulnerability VCID-9kvc-1bdz-n3bd
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-e12b-tw2c-53c9
8
vulnerability VCID-e8j6-mybr-17fh
9
vulnerability VCID-fcg9-xypn-ykhf
10
vulnerability VCID-fsaw-3ta1-x3dw
11
vulnerability VCID-ga69-9y5g-77c3
12
vulnerability VCID-ga7z-wj4j-63h1
13
vulnerability VCID-hsjn-xnpp-5yeh
14
vulnerability VCID-jgv9-vdbm-sycd
15
vulnerability VCID-jybd-p65h-xffy
16
vulnerability VCID-kxdd-yzp3-r7cb
17
vulnerability VCID-pa7y-gpwp-6qgj
18
vulnerability VCID-phkp-9abp-f3dq
19
vulnerability VCID-qy1a-x3ff-4bc8
20
vulnerability VCID-r1vx-vv7d-gqaj
21
vulnerability VCID-rqqc-ta7c-ykgx
22
vulnerability VCID-s1rj-1xbw-fbg5
23
vulnerability VCID-shch-yusm-1uck
24
vulnerability VCID-shjc-2j68-2yfy
25
vulnerability VCID-tktt-vg92-6kae
26
vulnerability VCID-tuqc-c251-h7ds
27
vulnerability VCID-ud73-4t2c-n3at
28
vulnerability VCID-vgq9-s6th-yufg
29
vulnerability VCID-wa3g-27sx-mbcw
30
vulnerability VCID-whgc-pt2s-77ar
31
vulnerability VCID-xcmd-18ck-gqae
32
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10
2
url pkg:pypi/django@5.0.2
purl pkg:pypi/django@5.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ft7-rbey-kuhx
1
vulnerability VCID-9gq3-whr8-s7b8
2
vulnerability VCID-e12b-tw2c-53c9
3
vulnerability VCID-e8j6-mybr-17fh
4
vulnerability VCID-fsaw-3ta1-x3dw
5
vulnerability VCID-hsjn-xnpp-5yeh
6
vulnerability VCID-jgv9-vdbm-sycd
7
vulnerability VCID-pa7y-gpwp-6qgj
8
vulnerability VCID-qw15-2kq7-wqed
9
vulnerability VCID-qy1a-x3ff-4bc8
10
vulnerability VCID-rqqc-ta7c-ykgx
11
vulnerability VCID-s1rj-1xbw-fbg5
12
vulnerability VCID-ud73-4t2c-n3at
13
vulnerability VCID-vgq9-s6th-yufg
14
vulnerability VCID-xcmd-18ck-gqae
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2
aliases CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24