Python/django/3.2.22
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
https://pypi.org/project/django
BSD-3-Clause
AND
BSD
3 Security Vulnerabilities
Django potential denial of service vulnerability in UsernameField on Windows
- https://nvd.nist.gov/vuln/detail/CVE-2023-46695
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://groups.google.com/forum/#!forum/django-announce
- https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
- https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
- https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
- https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
- https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
- https://groups.google.com/forum/#%21forum/django-announce
- https://security.netapp.com/advisory/ntap-20231214-0001/
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Regular expression denial-of-service in Django
- https://nvd.nist.gov/vuln/detail/CVE-2024-27351
- https://docs.djangoproject.com/en/5.0/releases/security
- https://groups.google.com/forum/#%21forum/django-announce
- https://www.djangoproject.com/weblog/2024/mar/04/security-releases
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
- https://github.com/advisories/GHSA-vm8q-m57g-pff3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
- http://www.openwall.com/lists/oss-security/2024/03/04/1
- https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
- https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
- https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
Django denial-of-service attack in the intcomma template filter
- https://nvd.nist.gov/vuln/detail/CVE-2024-24680
- https://docs.djangoproject.com/en/5.0/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
- https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
- https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
- https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
- https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
- https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
- https://docs.djangoproject.com/en/5.0/releases/security
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
- https://www.djangoproject.com/weblog/2024/feb/06/security-releases
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
360 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
3.0.1 | BSD | 10 | 2019-12-18 - 08:59 | over 4 years |
3.0 | BSD | 11 | 2019-12-02 - 11:13 | over 4 years |
2.2.28 | BSD | 1 | 2022-04-11 - 07:52 | about 2 years |
2.2.27 | BSD | 1 | 2022-02-01 - 07:56 | over 2 years |
2.2.26 | BSD | 3 | 2022-01-04 - 09:53 | over 2 years |
2.2.25 | BSD | 3 | 2021-12-07 - 07:34 | over 2 years |
2.2.24 | BSD | 3 | 2021-06-02 - 08:53 | almost 3 years |
2.2.23 | BSD | 5 | 2021-05-13 - 07:36 | almost 3 years |
2.2.22 | BSD | 5 | 2021-05-06 - 07:40 | about 3 years |
2.2.21 | BSD | 5 | 2021-05-04 - 08:47 | about 3 years |
2.2.20 | BSD | 5 | 2021-04-06 - 07:34 | about 3 years |
2.2.19 | BSD | 5 | 2021-02-19 - 09:07 | about 3 years |
2.2.18 | BSD | 5 | 2021-02-01 - 09:28 | over 3 years |
2.2.17 | BSD | 6 | 2020-11-02 - 08:12 | over 3 years |
2.2.16 | BSD | 6 | 2020-09-01 - 09:14 | over 3 years |
2.2.15 | BSD | 8 | 2020-08-03 - 07:23 | almost 4 years |
2.2.14 | BSD | 8 | 2020-07-01 - 04:49 | almost 4 years |
2.2.13 | BSD | 8 | 2020-06-03 - 09:36 | almost 4 years |
2.2.12 | BSD | 10 | 2020-04-01 - 07:59 | about 4 years |
2.2.11 | BSD | 10 | 2020-03-04 - 09:31 | about 4 years |
2.2.10 | BSD | 11 | 2020-02-03 - 09:50 | over 4 years |
2.2.9 | BSD | 12 | 2019-12-18 - 08:59 | over 4 years |
2.2.8 | BSD | 13 | 2019-12-02 - 08:57 | over 4 years |
2.2.7 | BSD | 14 | 2019-11-04 - 08:33 | over 4 years |
2.2.6 | BSD | 14 | 2019-10-01 - 08:36 | over 4 years |
2.2.5 | BSD | 14 | 2019-09-02 - 07:18 | over 4 years |
2.2.4 | BSD | 14 | 2019-08-01 - 09:04 | almost 5 years |
2.2.3 | BSD | 18 | 2019-07-01 - 07:19 | almost 5 years |
2.2.2 | BSD | 19 | 2019-06-03 - 10:11 | almost 5 years |
2.2.1 | BSD | 21 | 2019-05-01 - 06:57 | about 5 years |
2.2 | BSD | 21 | 2019-04-01 - 12:47 | about 5 years |
2.1.15 | BSD | 5 | 2019-12-02 - 08:57 | over 4 years |
2.1.14 | BSD | 6 | 2019-11-04 - 08:33 | over 4 years |
2.1.13 | BSD | 6 | 2019-10-01 - 08:36 | over 4 years |
2.1.12 | BSD | 6 | 2019-09-02 - 07:18 | over 4 years |
2.1.11 | BSD | 6 | 2019-08-01 - 09:04 | almost 5 years |
2.1.10 | BSD | 10 | 2019-07-01 - 07:19 | almost 5 years |
2.1.9 | BSD | 11 | 2019-06-03 - 10:11 | almost 5 years |
2.1.8 | BSD | 13 | 2019-04-01 - 09:18 | about 5 years |
2.1.7 | BSD | 13 | 2019-02-11 - 15:10 | about 5 years |
2.1.5 | BSD | 14 | 2019-01-04 - 13:52 | over 5 years |
2.1.4 | BSD | 15 | 2018-12-03 - 17:02 | over 5 years |
2.1.3 | BSD | 15 | 2018-11-01 - 14:36 | over 5 years |
2.1.2 | BSD | 15 | 2018-10-01 - 09:22 | over 5 years |
2.1.1 | BSD | 16 | 2018-08-31 - 08:42 | over 5 years |
2.1 | BSD | 16 | 2018-08-01 - 14:11 | almost 6 years |
2.0.13 | BSD | 6 | 2019-02-12 - 10:50 | about 5 years |
2.0.12 | BSD | 6 | 2019-02-11 - 15:10 | about 5 years |
2.0.10 | BSD | 7 | 2019-01-04 - 14:03 | over 5 years |
2.0.9 | BSD | 8 | 2018-10-01 - 09:22 | over 5 years |
2.0.8 | BSD | 8 | 2018-08-01 - 13:51 | almost 6 years |
2.0.7 | BSD | 9 | 2018-07-02 - 09:02 | almost 6 years |
2.0.6 | BSD | 9 | 2018-06-01 - 15:32 | almost 6 years |
2.0.5 | BSD | 9 | 2018-05-02 - 01:34 | about 6 years |
2.0.4 | BSD | 9 | 2018-04-03 - 02:39 | about 6 years |
2.0.3 | BSD | 9 | 2018-03-06 - 14:05 | about 6 years |
2.0.2 | BSD | 11 | 2018-02-01 - 14:30 | over 6 years |
2.0.1 | BSD | 12 | 2018-01-02 - 00:50 | over 6 years |
2.0 | BSD | 12 | 2017-12-02 - 15:11 | over 6 years |
1.11.29 | BSD | 2 | 2020-03-04 - 09:31 | about 4 years |
1.11.28 | BSD | 3 | 2020-02-03 - 09:50 | over 4 years |
1.11.27 | BSD | 4 | 2019-12-18 - 08:59 | over 4 years |
1.11.26 | BSD | 5 | 2019-11-04 - 08:33 | over 4 years |
1.11.25 | BSD | 5 | 2019-10-01 - 08:36 | over 4 years |
1.11.24 | BSD | 5 | 2019-09-02 - 07:18 | over 4 years |
1.11.23 | BSD | 5 | 2019-08-01 - 09:04 | almost 5 years |
1.11.22 | BSD | 9 | 2019-07-01 - 07:19 | almost 5 years |
1.11.21 | BSD | 10 | 2019-06-03 - 10:10 | almost 5 years |
1.11.20 | BSD | 11 | 2019-02-11 - 15:10 | about 5 years |
1.11.18 | BSD | 12 | 2019-01-04 - 14:10 | over 5 years |
1.11.17 | BSD | 13 | 2018-12-03 - 17:02 | over 5 years |
1.11.16 | BSD | 13 | 2018-10-01 - 09:22 | over 5 years |
1.11.15 | BSD | 13 | 2018-08-01 - 13:45 | almost 6 years |
1.11.14 | BSD | 14 | 2018-07-02 - 09:01 | almost 6 years |
1.11.13 | BSD | 14 | 2018-05-02 - 01:54 | about 6 years |
1.11.12 | BSD | 14 | 2018-04-03 - 02:45 | about 6 years |
1.11.11 | BSD | 14 | 2018-03-06 - 14:15 | about 6 years |
1.11.10 | BSD | 16 | 2018-02-01 - 14:40 | over 6 years |
1.11.9 | BSD | 17 | 2018-01-02 - 01:01 | over 6 years |
1.11.8 | BSD | 17 | 2017-12-02 - 14:20 | over 6 years |
1.11.7 | BSD | 16 | 2017-11-02 - 01:26 | over 6 years |
1.11.6 | BSD | 16 | 2017-10-05 - 18:21 | over 6 years |
1.11.5 | BSD | 16 | 2017-09-05 - 15:18 | over 6 years |
1.11.4 | BSD | 17 | 2017-08-01 - 12:24 | almost 7 years |
1.11.3 | BSD | 17 | 2017-07-01 - 23:24 | almost 7 years |
1.11.2 | BSD | 17 | 2017-06-01 - 16:47 | almost 7 years |
1.11.1 | BSD | 17 | 2017-05-06 - 13:26 | about 7 years |
1.11 | BSD | 17 | 2017-04-04 - 15:59 | about 7 years |
1.10.8 | BSD | 6 | 2017-09-05 - 15:31 | over 6 years |
1.10.7 | BSD | 7 | 2017-04-04 - 14:27 | about 7 years |
1.10.6 | BSD | 9 | 2017-03-01 - 13:37 | about 7 years |
1.10.5 | BSD | 9 | 2017-01-04 - 19:22 | over 7 years |
1.10.4 | BSD | 9 | 2016-12-01 - 23:46 | over 7 years |
1.10.3 | BSD | 9 | 2016-11-01 - 13:56 | over 7 years |
1.10.2 | BSD | 11 | 2016-10-01 - 20:05 | over 7 years |
1.10.1 | BSD | 11 | 2016-09-01 - 23:17 | over 7 years |
1.10 | BSD | 11 | 2016-08-01 - 18:32 | almost 8 years |
1.9.13 | BSD | 6 | 2017-04-04 - 14:14 | about 7 years |
1.9.12 | BSD | 8 | 2016-12-01 - 23:16 | over 7 years |
1.9.11 | BSD | 8 | 2016-11-01 - 14:02 | over 7 years |