VulnerableCode Package Details - pkg:pypi/django@3.2.25

Search for packages

Vulnerability	Summary	Fixed by
VCID-dapt-wsva-ubfv Aliases: CVE-2024-45231 GHSA-rrqc-c2jx-6jgv	An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).	4.2.16 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.9 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.1.1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dapt-wsva-ubfv
Aliases:
CVE-2024-45231
GHSA-rrqc-c2jx-6jgv

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

4.2.16
Affected by 6 other vulnerabilities.

5.0.9
Affected by 5 other vulnerabilities.

5.1.1
Affected by 7 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-q4q6-yfng-aaag	In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.	BIT-django-2024-27351 CVE-2024-27351 GHSA-vm8q-m57g-pff3 PYSEC-2024-47

Vulnerability

Summary

Aliases

VCID-q4q6-yfng-aaag

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

BIT-django-2024-27351
CVE-2024-27351
GHSA-vm8q-m57g-pff3
PYSEC-2024-47

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:09:17.393449+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	36.1.3
2025-06-20T16:55:13.810943+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	36.1.3
2025-06-03T23:45:14.762572+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	36.1.0
2025-06-03T23:32:06.659528+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	36.1.0
2025-06-02T23:43:40.755874+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	36.1.2
2025-06-02T23:29:58.098015+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	36.1.2
2025-04-03T22:26:33.658220+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	36.0.0
2025-04-03T21:59:50.040580+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	36.0.0
2025-02-18T04:07:42.145748+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	35.1.0
2025-02-18T03:50:25.393192+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	35.1.0
2024-11-21T01:15:07.141697+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	35.0.0
2024-11-21T01:04:11.114699+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	35.0.0
2024-11-19T00:53:14.883547+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	34.3.2
2024-10-17T02:05:43.303240+00:00	GHSA Importer	Affected by	VCID-dapt-wsva-ubfv	https://github.com/advisories/GHSA-rrqc-c2jx-6jgv	34.0.2
2024-10-15T19:22:08.661674+00:00	GithubOSV Importer	Fixing	VCID-q4q6-yfng-aaag	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-vm8q-m57g-pff3/GHSA-vm8q-m57g-pff3.json	34.0.2
2024-10-08T01:24:08.014555+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	34.0.2
2024-10-07T22:07:48.169889+00:00	GHSA Importer	Fixing	VCID-q4q6-yfng-aaag	https://github.com/advisories/GHSA-vm8q-m57g-pff3	34.0.2
2024-09-18T12:06:36.605344+00:00	Pypa Importer	Fixing	VCID-q4q6-yfng-aaag	https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2024-47.yaml	34.0.1
2024-09-18T09:20:53.426237+00:00	GithubOSV Importer	Fixing	VCID-q4q6-yfng-aaag	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-vm8q-m57g-pff3/GHSA-vm8q-m57g-pff3.json	34.0.1
2024-09-17T23:19:31.770289+00:00	PyPI Importer	Fixing	VCID-q4q6-yfng-aaag	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	34.0.1
2024-09-17T22:26:48.089908+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	34.0.1
2024-09-17T22:13:15.473519+00:00	GHSA Importer	Fixing	VCID-q4q6-yfng-aaag	https://github.com/advisories/GHSA-vm8q-m57g-pff3	34.0.1
2024-04-23T23:13:19.023981+00:00	GithubOSV Importer	Fixing	VCID-q4q6-yfng-aaag	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-vm8q-m57g-pff3/GHSA-vm8q-m57g-pff3.json	34.0.0rc4
2024-04-23T17:48:01.071445+00:00	PyPI Importer	Fixing	VCID-q4q6-yfng-aaag	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	34.0.0rc4
2024-04-23T17:44:25.181331+00:00	Pypa Importer	Fixing	VCID-q4q6-yfng-aaag	https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2024-47.yaml	34.0.0rc4
2024-04-23T17:43:03.092130+00:00	GitLab Importer	Fixing	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	34.0.0rc4
2024-04-23T17:41:20.596880+00:00	GHSA Importer	Fixing	VCID-q4q6-yfng-aaag	https://github.com/advisories/GHSA-vm8q-m57g-pff3	34.0.0rc4

2025-06-20T17:09:17.393449+00:00

GitLab Importer

Affected by

VCID-dapt-wsva-ubfv

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml

36.1.3

2025-06-20T16:55:13.810943+00:00

GitLab Importer

Fixing

Next non-vulnerable version	4.2.22
Latest non-vulnerable version	5.2.2
Risk	3.1