VulnerableCode Package Details - pkg:deb/debian/python-django@1.2.4-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-p1dq-27t5-e7b3	The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.	CVE-2010-4535 GHSA-7wph-fc4w-wqp2 PYSEC-2011-9
VCID-pv1d-wrex-hbgy	The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.	CVE-2010-4534 GHSA-fwr5-q9rx-294f PYSEC-2011-8

Vulnerability

Summary

Aliases

VCID-p1dq-27t5-e7b3

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.

CVE-2010-4535
GHSA-7wph-fc4w-wqp2
PYSEC-2011-9

VCID-pv1d-wrex-hbgy

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.

CVE-2010-4534
GHSA-fwr5-q9rx-294f
PYSEC-2011-8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:11:47.478822+00:00	Debian Importer	Fixing	VCID-p1dq-27t5-e7b3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:20:50.714477+00:00	Debian Importer	Fixing	VCID-pv1d-wrex-hbgy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:29.895101+00:00	Debian Importer	Fixing	VCID-p1dq-27t5-e7b3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:14:38.607302+00:00	Debian Importer	Fixing	VCID-pv1d-wrex-hbgy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:39.531439+00:00	Debian Importer	Fixing	VCID-p1dq-27t5-e7b3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:39.490937+00:00	Debian Importer	Fixing	VCID-pv1d-wrex-hbgy	https://security-tracker.debian.org/tracker/data/json	38.1.0