Search for packages
| purl | pkg:rpm/redhat/python-django@3.2.18-1.0.1?arch=el8ui |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-nese-5485-hkbs
Aliases: BIT-django-2023-23969 CVE-2023-23969 GHSA-q2jf-h9jm-m7p4 PYSEC-2023-12 |
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. | There are no reported fixed by versions. |
|
VCID-ypub-ukuh-p3aw
Aliases: BIT-django-2023-24580 CVE-2023-24580 GHSA-2hrw-hx67-34x6 PYSEC-2023-13 |
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:55:36.258295+00:00 | RedHat Importer | Affected by | VCID-nese-5485-hkbs | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23969.json | 38.0.0 |
| 2026-04-01T13:55:22.343895+00:00 | RedHat Importer | Affected by | VCID-ypub-ukuh-p3aw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24580.json | 38.0.0 |