Python/django/3.0b1
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
https://pypi.org/project/django
BSD
1 Security Vulnerabilities
Django contains Uncontrolled Resource Consumption via cached header
Published date: 2023-02-01T21:30:23Z
CVE: CVE-2023-23969
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2023-23969
- https://docs.djangoproject.com/en/4.1/releases/security/
- https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
- https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
- https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
- https://groups.google.com/forum/#!forum/django-announce
- https://security.netapp.com/advisory/ntap-20230302-0007/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
- https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
- https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
- https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
- https://docs.djangoproject.com/en/4.1/releases/security
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
- https://security.netapp.com/advisory/ntap-20230302-0007
- https://www.djangoproject.com/weblog/2023/feb/01/security-releases
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
Affected versions:
["4.0b1", "4.0rc1", "4.1a1", "4.1b1", "4.1rc1", "4.1", "4.1.1", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.0a1", "4.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "3.1rc1", "3.2", "3.2rc1", "3.0b1", "3.0rc1", "3.1b1", "3.2a1", "3.2b1", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16"]
Secure versions:
[2.2.27, 2.2.28, 3.0a1, 3.1.12, 3.1.13, 3.1.14, 3.2.25, 4.1.13, 4.2.17, 4.2.18, 4.2.19, 4.2.20, 4.2.21, 4.2.22, 4.2.23, 4.2a1, 4.2b1, 4.2rc1, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0a1, 5.0b1, 5.0rc1, 5.1.10, 5.1.11, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1a1, 5.1b1, 5.1rc1, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2a1, 5.2b1, 5.2rc1]
Recommendation:
Update to version 5.2.3.
400 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 2.2.14 | BSD | 7 | 2020-07-01 - 04:49 | about 5 years |
| 2.2.13 | BSD | 7 | 2020-06-03 - 09:36 | about 5 years |
| 2.2.12 | BSD | 9 | 2020-04-01 - 07:59 | about 5 years |
| 2.2.11 | BSD | 9 | 2020-03-04 - 09:31 | over 5 years |
| 2.2.10 | BSD | 10 | 2020-02-03 - 09:50 | over 5 years |
| 2.2.9 | BSD | 10 | 2019-12-18 - 08:59 | over 5 years |
| 2.2.8 | BSD | 10 | 2019-12-02 - 08:57 | over 5 years |
| 2.2.7 | BSD | 11 | 2019-11-04 - 08:33 | over 5 years |
| 2.2.6 | BSD | 11 | 2019-10-01 - 08:36 | over 5 years |
| 2.2.5 | BSD | 11 | 2019-09-02 - 07:18 | almost 6 years |
| 2.2.4 | BSD | 11 | 2019-08-01 - 09:04 | almost 6 years |
| 2.2.3 | BSD | 15 | 2019-07-01 - 07:19 | about 6 years |
| 2.2.2 | BSD | 16 | 2019-06-03 - 10:11 | about 6 years |
| 2.2.1 | BSD | 18 | 2019-05-01 - 06:57 | about 6 years |
| 2.2 | BSD | 18 | 2019-04-01 - 12:47 | about 6 years |
| 2.1.15 | BSD | 2 | 2019-12-02 - 08:57 | over 5 years |
| 2.1.14 | BSD | 3 | 2019-11-04 - 08:33 | over 5 years |
| 2.1.13 | BSD | 3 | 2019-10-01 - 08:36 | over 5 years |
| 2.1.12 | BSD | 3 | 2019-09-02 - 07:18 | almost 6 years |
| 2.1.11 | BSD | 3 | 2019-08-01 - 09:04 | almost 6 years |
| 2.1.10 | BSD | 7 | 2019-07-01 - 07:19 | about 6 years |
| 2.1.9 | BSD | 8 | 2019-06-03 - 10:11 | about 6 years |
| 2.1.8 | BSD | 10 | 2019-04-01 - 09:18 | about 6 years |
| 2.1.7 | BSD | 10 | 2019-02-11 - 15:10 | over 6 years |
| 2.1.5 | BSD | 11 | 2019-01-04 - 13:52 | over 6 years |
| 2.1.4 | BSD | 12 | 2018-12-03 - 17:02 | over 6 years |
| 2.1.3 | BSD | 12 | 2018-11-01 - 14:36 | over 6 years |
| 2.1.2 | BSD | 12 | 2018-10-01 - 09:22 | over 6 years |
| 2.1.1 | BSD | 13 | 2018-08-31 - 08:42 | almost 7 years |
| 2.1 | BSD | 13 | 2018-08-01 - 14:11 | almost 7 years |
| 2.0.13 | BSD | 3 | 2019-02-12 - 10:50 | over 6 years |
| 2.0.12 | BSD | 3 | 2019-02-11 - 15:10 | over 6 years |
| 2.0.10 | BSD | 4 | 2019-01-04 - 14:03 | over 6 years |
| 2.0.9 | BSD | 5 | 2018-10-01 - 09:22 | over 6 years |
| 2.0.8 | BSD | 5 | 2018-08-01 - 13:51 | almost 7 years |
| 2.0.7 | BSD | 6 | 2018-07-02 - 09:02 | almost 7 years |
| 2.0.6 | BSD | 6 | 2018-06-01 - 15:32 | about 7 years |
| 2.0.5 | BSD | 6 | 2018-05-02 - 01:34 | about 7 years |
| 2.0.4 | BSD | 6 | 2018-04-03 - 02:39 | about 7 years |
| 2.0.3 | BSD | 6 | 2018-03-06 - 14:05 | over 7 years |
| 2.0.2 | BSD | 8 | 2018-02-01 - 14:30 | over 7 years |
| 2.0.1 | BSD | 8 | 2018-01-02 - 00:50 | over 7 years |
| 2.0 | BSD | 8 | 2017-12-02 - 15:11 | over 7 years |
| 1.11.29 | BSD | 1 | 2020-03-04 - 09:31 | over 5 years |
| 1.11.28 | BSD | 2 | 2020-02-03 - 09:50 | over 5 years |
| 1.11.27 | BSD | 3 | 2019-12-18 - 08:59 | over 5 years |
| 1.11.26 | BSD | 4 | 2019-11-04 - 08:33 | over 5 years |
| 1.11.25 | BSD | 4 | 2019-10-01 - 08:36 | over 5 years |
| 1.11.24 | BSD | 4 | 2019-09-02 - 07:18 | almost 6 years |
| 1.11.23 | BSD | 4 | 2019-08-01 - 09:04 | almost 6 years |