VulnerableCode Package Details - pkg:deb/debian/python-django@3:4.2.6-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/python-django@3:4.2.6-1?distro=trixie

purl	pkg:deb/debian/python-django@3:4.2.6-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-8m4b-y4va-kqgm	In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.	BIT-django-2023-43665 CVE-2023-43665 GHSA-h8gc-pgj2-vjm3 PYSEC-2023-226

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T08:55:02.816360+00:00	Debian Importer	Fixing	VCID-8m4b-y4va-kqgm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T17:59:05.938814+00:00	Debian Importer	Fixing	VCID-8m4b-y4va-kqgm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:44.317063+00:00	Debian Importer	Fixing	VCID-8m4b-y4va-kqgm	https://security-tracker.debian.org/tracker/data/json	38.1.0