Search for packages
| purl | pkg:deb/debian/python-django@2:2.2.28-1~deb11u7?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4ztz-fq98-5fh1 | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
BIT-django-2023-41164
CVE-2023-41164 GHSA-7h4p-27mh-hmrw PYSEC-2023-225 |
| VCID-896g-hqec-ryb9 | An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
BIT-django-2025-48432
CVE-2025-48432 GHSA-7xr5-9hcq-chf9 PYSEC-2025-47 |
| VCID-8m4b-y4va-kqgm | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
BIT-django-2023-43665
CVE-2023-43665 GHSA-h8gc-pgj2-vjm3 PYSEC-2023-226 |
| VCID-8xgs-8xjr-cber | An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. |
BIT-django-2024-24680
CVE-2024-24680 GHSA-xxj9-f6rv-m3x4 PYSEC-2024-28 |
| VCID-9abh-apwm-ebab | An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
BIT-django-2025-32873
CVE-2025-32873 GHSA-8j24-cjrq-gr2m PYSEC-2025-37 |
| VCID-jh1e-72hp-fuf4 | In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. |
BIT-django-2024-27351
CVE-2024-27351 GHSA-vm8q-m57g-pff3 PYSEC-2024-47 |