VulnerableCode Package Details - pkg:pypi/django@4.1.12

Search for packages

Package details: pkg:pypi/django@4.1.12

Essentials
History (64)

purl	pkg:pypi/django@4.1.12

Next non-vulnerable version	4.2.22
Latest non-vulnerable version	5.2.2
Risk	4.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-dapt-wsva-ubfv Aliases: CVE-2024-45231 GHSA-rrqc-c2jx-6jgv	An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).	4.2.16 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.9 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.1.1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q4q6-yfng-aaag Aliases: BIT-django-2024-27351 CVE-2024-27351 GHSA-vm8q-m57g-pff3 PYSEC-2024-47	In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.	4.2.11 Affected by 16 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.3 Affected by 15 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rwqv-shhz-aaag Aliases: BIT-django-2023-46695 CVE-2023-46695 GHSA-qmf9-6jqf-j8fq PYSEC-2023-222	An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.	4.1.13 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.2.7 Affected by 18 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dapt-wsva-ubfv
Aliases:
CVE-2024-45231
GHSA-rrqc-c2jx-6jgv

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

4.2.16
Affected by 6 other vulnerabilities.

5.0.9
Affected by 5 other vulnerabilities.

5.1.1
Affected by 7 other vulnerabilities.

VCID-q4q6-yfng-aaag
Aliases:
BIT-django-2024-27351
CVE-2024-27351
GHSA-vm8q-m57g-pff3
PYSEC-2024-47

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.

4.2.11
Affected by 16 other vulnerabilities.

5.0.3
Affected by 15 other vulnerabilities.

VCID-rwqv-shhz-aaag
Aliases:
BIT-django-2023-46695
CVE-2023-46695
GHSA-qmf9-6jqf-j8fq
PYSEC-2023-222

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

4.1.13
Affected by 2 other vulnerabilities.

4.2.7
Affected by 18 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-spub-8snt-aaaq	In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.	BIT-django-2023-43665 CVE-2023-43665 GHSA-h8gc-pgj2-vjm3 PYSEC-2023-226

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:09:17.450307+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	36.1.3
2025-06-20T16:55:13.868190+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	36.1.3
2025-06-20T16:47:19.939621+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	36.1.3
2025-06-20T16:47:19.317335+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	36.1.3
2025-06-03T23:45:14.809780+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	36.1.0
2025-06-03T23:32:06.708923+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	36.1.0
2025-06-03T23:25:07.350286+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	36.1.0
2025-06-03T23:25:06.869927+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	36.1.0
2025-06-02T23:43:40.814313+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	36.1.2
2025-06-02T23:29:58.162578+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	36.1.2
2025-06-02T23:22:38.083723+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	36.1.2
2025-06-02T23:22:37.586260+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	36.1.2
2025-04-03T22:26:33.815326+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	36.0.0
2025-04-03T21:59:50.210569+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	36.0.0
2025-04-03T21:43:49.986156+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	36.0.0
2025-04-03T21:43:49.138631+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	36.0.0
2025-02-18T04:07:42.296019+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	35.1.0
2025-02-18T03:50:25.550428+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	35.1.0
2025-02-18T03:40:30.721747+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	35.1.0
2025-02-18T03:37:44.724381+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	35.1.0
2024-11-21T01:15:07.292005+00:00	GitLab Importer	Affected by	VCID-dapt-wsva-ubfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml	35.0.0
2024-11-21T01:04:11.255108+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	35.0.0
2024-11-21T00:59:12.020206+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	35.0.0
2024-11-21T00:57:59.918565+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	35.0.0
2024-11-20T07:28:52.024959+00:00	GithubOSV Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-h8gc-pgj2-vjm3/GHSA-h8gc-pgj2-vjm3.json	34.3.2
2024-11-19T19:44:41.324560+00:00	GHSA Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3	34.3.2
2024-11-19T00:53:15.038983+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	34.3.2
2024-11-19T00:47:47.171329+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	34.3.2
2024-11-19T00:39:33.359679+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	34.3.2
2024-10-17T02:05:43.465827+00:00	GHSA Importer	Affected by	VCID-dapt-wsva-ubfv	https://github.com/advisories/GHSA-rrqc-c2jx-6jgv	34.0.2
2024-10-15T19:17:05.325553+00:00	GithubOSV Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-h8gc-pgj2-vjm3/GHSA-h8gc-pgj2-vjm3.json	34.0.2
2024-10-08T01:24:08.176748+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	34.0.2
2024-10-08T01:19:47.482167+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	34.0.2
2024-10-08T01:18:46.388579+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	34.0.2
2024-10-07T21:46:12.629257+00:00	GHSA Importer	Affected by	VCID-rwqv-shhz-aaag	https://github.com/advisories/GHSA-qmf9-6jqf-j8fq	34.0.2
2024-10-07T21:44:03.571495+00:00	GHSA Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3	34.0.2
2024-09-29T09:55:59.625304+00:00	GitLab Importer	Affected by	VCID-rwqv-shhz-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-46695.yml	34.0.1
2024-09-23T01:29:02.574059+00:00	GitLab Importer	Affected by	VCID-q4q6-yfng-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-27351.yml	34.0.1
2024-09-22T22:15:39.426712+00:00	GHSA Importer	Affected by	VCID-rwqv-shhz-aaag	https://github.com/advisories/GHSA-qmf9-6jqf-j8fq	34.0.1
2024-09-18T12:06:12.899739+00:00	Pypa Importer	Affected by	VCID-rwqv-shhz-aaag	https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2023-222.yaml	34.0.1
2024-09-18T12:06:09.423477+00:00	Pypa Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2023-226.yaml	34.0.1
2024-09-18T09:21:45.349827+00:00	GithubOSV Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-h8gc-pgj2-vjm3/GHSA-h8gc-pgj2-vjm3.json	34.0.1
2024-09-17T23:18:07.352870+00:00	PyPI Importer	Fixing	VCID-spub-8snt-aaaq	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	34.0.1
2024-09-17T23:18:05.005733+00:00	PyPI Importer	Affected by	VCID-rwqv-shhz-aaag	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	34.0.1
2024-09-17T22:26:51.434013+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	34.0.1
2024-09-17T22:13:32.228429+00:00	GHSA Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3	34.0.1
2024-05-17T20:54:57.635297+00:00	GHSA Importer	Affected by	VCID-rwqv-shhz-aaag	None	34.0.0rc4
2024-05-17T20:54:56.523812+00:00	GHSA Importer	Affected by	VCID-rwqv-shhz-aaag	https://github.com/advisories/GHSA-qmf9-6jqf-j8fq	34.0.0rc4
2024-04-24T03:53:35.625939+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	34.0.0rc4
2024-04-24T00:50:11.319445+00:00	GHSA Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3	34.0.0rc4
2024-04-24T00:50:10.784221+00:00	GHSA Importer	Fixing	VCID-spub-8snt-aaaq	None	34.0.0rc4
2024-04-23T23:13:51.420847+00:00	GithubOSV Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-h8gc-pgj2-vjm3/GHSA-h8gc-pgj2-vjm3.json	34.0.0rc4
2024-04-23T17:47:50.081968+00:00	PyPI Importer	Affected by	VCID-rwqv-shhz-aaag	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	34.0.0rc4
2024-01-10T06:34:36.069756+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	34.0.0rc2
2024-01-10T03:02:37.563179+00:00	GHSA Importer	Affected by	VCID-rwqv-shhz-aaag	None	34.0.0rc2
2024-01-10T03:02:36.674827+00:00	GHSA Importer	Affected by	VCID-rwqv-shhz-aaag	https://github.com/advisories/GHSA-qmf9-6jqf-j8fq	34.0.0rc2
2024-01-10T02:56:48.283008+00:00	GHSA Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3	34.0.0rc2
2024-01-10T02:56:47.746055+00:00	GHSA Importer	Fixing	VCID-spub-8snt-aaaq	None	34.0.0rc2
2024-01-03T18:54:26.058568+00:00	PyPI Importer	Fixing	VCID-spub-8snt-aaaq	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	34.0.0rc1
2024-01-03T18:54:24.749961+00:00	PyPI Importer	Affected by	VCID-rwqv-shhz-aaag	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	34.0.0rc1
2024-01-03T18:30:55.585477+00:00	Pypa Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2023-226.yaml	34.0.0rc1
2024-01-03T18:30:28.000969+00:00	Pypa Importer	Affected by	VCID-rwqv-shhz-aaag	https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2023-222.yaml	34.0.0rc1
2024-01-03T17:52:48.758095+00:00	GitLab Importer	Fixing	VCID-spub-8snt-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2023-43665.yml	34.0.0rc1
2024-01-03T17:43:43.461426+00:00	GHSA Importer	Fixing	VCID-spub-8snt-aaaq	https://github.com/advisories/GHSA-h8gc-pgj2-vjm3	34.0.0rc1