Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 132 results


CVE-2024-45231

Low priority

Some fixes available 4 of 6

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-45230

Medium priority

Some fixes available 4 of 6

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-42005

Medium priority
Fixed

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2024-41991

Medium priority

Some fixes available 4 of 6

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-41990

Medium priority

Some fixes available 4 of 6

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-41989

Medium priority

Some fixes available 4 of 6

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-39614

Medium priority

Some fixes available 5 of 7

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-39330

Low priority

Some fixes available 5 of 7

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-39329

Low priority

Some fixes available 5 of 7

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests...

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-38875

Medium priority

Some fixes available 5 of 7

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

1 affected packages

python-django

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-django Fixed Fixed Fixed Fixed Needs evaluation
Show less packages