Package details: pkg:pypi/django@4.1.0
purl pkg:pypi/django@4.1.0
Tags Ghost
Next non-vulnerable version 4.2.22
Latest non-vulnerable version 5.2.2
Risk 4.0
Vulnerabilities affecting this package (2)
VCID-khvz-sgc7-aaak
  Aliases: BIT-2023-24580, BIT-django-2023-24580, CVE-2023-24580, GHSA-2hrw-hx67-34x6, PYSEC-0000-CVE-2023-24580, PYSEC-2023-13
  Summary: Resource exhaustion in Django
  Fixed by: 4.1.7 (affected by 7 other vulnerabilities)

VCID-rwqv-shhz-aaag
  Aliases: BIT-django-2023-46695, CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222
  Summary: An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
  Fixed by: 4.1.13 (affected by 2 other vulnerabilities); 4.2.7 (affected by 18 other vulnerabilities)
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2025-01-17T02:47:14.091899+00:00 | GHSA Importer | Affected by | VCID-khvz-sgc7-aaak | None | 35.1.0
2024-01-03T17:44:26.237750+00:00 | GHSA Importer | Affected by | VCID-khvz-sgc7-aaak | https://github.com/advisories/GHSA-2hrw-hx67-34x6 | 34.0.0rc1
2024-01-03T17:43:43.742684+00:00 | GHSA Importer | Affected by | VCID-rwqv-shhz-aaag | https://github.com/advisories/GHSA-qmf9-6jqf-j8fq | 34.0.0rc1