Search for packages
| purl | pkg:pypi/django@3.2.24 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dapt-wsva-ubfv
Aliases: CVE-2024-45231 GHSA-rrqc-c2jx-6jgv |
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
Affected by 6 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-q4q6-yfng-aaag
Aliases: BIT-django-2024-27351 CVE-2024-27351 GHSA-vm8q-m57g-pff3 PYSEC-2024-47 |
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. |
Affected by 1 other vulnerability. Affected by 16 other vulnerabilities. Affected by 15 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3gge-bre2-aaac | An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. |
BIT-django-2024-24680
CVE-2024-24680 GHSA-xxj9-f6rv-m3x4 PYSEC-2024-28 |