Python/django/3.2.23
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
https://pypi.org/project/django
BSD-3-Clause
AND
BSD
2 Security Vulnerabilities
Regular expression denial-of-service in Django
- https://nvd.nist.gov/vuln/detail/CVE-2024-27351
- https://docs.djangoproject.com/en/5.0/releases/security
- https://groups.google.com/forum/#%21forum/django-announce
- https://www.djangoproject.com/weblog/2024/mar/04/security-releases
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
- https://github.com/advisories/GHSA-vm8q-m57g-pff3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
- http://www.openwall.com/lists/oss-security/2024/03/04/1
- https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
- https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
- https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
Django denial-of-service attack in the intcomma template filter
- https://nvd.nist.gov/vuln/detail/CVE-2024-24680
- https://docs.djangoproject.com/en/5.0/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
- https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
- https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
- https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
- https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
- https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
- https://docs.djangoproject.com/en/5.0/releases/security
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
- https://www.djangoproject.com/weblog/2024/feb/06/security-releases
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
358 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
1.2.4 | BSD | 30 | 2010-12-23 - 05:15 | over 13 years |
1.2.3 | BSD | 32 | 2010-09-11 - 08:50 | over 13 years |
1.2.2 | BSD | 32 | 2010-09-09 - 02:41 | over 13 years |
1.2.1 | BSD | 33 | 2010-05-24 - 21:19 | almost 14 years |
1.2 | BSD | 33 | 2010-05-17 - 20:04 | almost 14 years |
1.1.4 | BSD | 25 | 2011-02-09 - 04:13 | about 13 years |
1.1.3 | BSD | 28 | 2010-12-23 - 05:14 | over 13 years |
1.1.2 | BSD | 30 | ||
1.1.1 | BSD | 30 | ||
1.1 | BSD | 30 | ||
1.0.4 | BSD | 27 | ||
1.0.3 | BSD | 27 | ||
1.0.2 | BSD | 27 | ||
1.0.1 | BSD | 27 | ||
4.0b1 | BSD-3-Clause AND BSD | 1 | 2021-10-25 - 09:23 | over 2 years |
4.0a1 | BSD-3-Clause AND BSD | 1 | 2021-09-21 - 19:08 | over 2 years |
4.0rc1 | BSD-3-Clause AND BSD | 1 | 2021-11-22 - 06:37 | over 2 years |
3.2rc1 | BSD-3-Clause AND BSD | 2 | 2021-03-18 - 13:55 | about 3 years |
3.2a1 | BSD-3-Clause AND BSD | 2 | 2021-01-19 - 13:04 | over 3 years |
3.2b1 | BSD-3-Clause AND BSD | 2 | 2021-02-19 - 09:35 | about 3 years |
3.1a1 | BSD-3-Clause AND BSD | 3 | 2020-05-14 - 09:41 | almost 4 years |
3.1b1 | BSD-3-Clause AND BSD | 4 | 2020-06-15 - 08:15 | almost 4 years |
3.0b1 | BSD | 2 | 2019-10-14 - 10:21 | over 4 years |
3.0a1 | BSD | 1 | 2019-09-10 - 09:19 | over 4 years |
3.0rc1 | BSD | 2 | 2019-11-18 - 08:51 | over 4 years |
3.1rc1 | BSD-3-Clause AND BSD | 4 | 2020-07-20 - 06:38 | almost 4 years |
2.2rc1 | BSD | 6 | 2019-03-18 - 08:57 | about 5 years |
2.2b1 | BSD | 6 | 2019-02-11 - 10:33 | about 5 years |
2.2a1 | BSD | 6 | 2019-01-17 - 15:35 | over 5 years |
2.1b1 | BSD | 6 | 2018-06-18 - 23:55 | almost 6 years |
2.1a1 | BSD | 6 | 2018-05-18 - 01:01 | almost 6 years |
2.1rc1 | BSD | 6 | 2018-07-18 - 17:35 | almost 6 years |
2.0rc1 | BSD | 3 | 2017-11-15 - 23:51 | over 6 years |
2.0a1 | BSD | 3 | 2017-09-22 - 18:09 | over 6 years |
2.0b1 | BSD | 3 | 2017-10-17 - 02:00 | over 6 years |
1.9rc2 | BSD | 3 | 2015-11-24 - 17:35 | over 8 years |
1.9b1 | BSD | 4 | 2015-10-20 - 01:17 | over 8 years |
1.9a1 | BSD | 4 | 2015-09-24 - 00:20 | over 8 years |
1.9rc1 | BSD | 4 | 2015-11-16 - 21:10 | over 8 years |
1.8b2 | BSD | 7 | 2015-03-09 - 15:55 | about 9 years |
1.8b1 | BSD | 8 | 2015-02-25 - 13:42 | about 9 years |
1.8c1 | BSD | 6 | 2015-03-18 - 23:39 | about 9 years |
1.8a1 | BSD | 7 | 2015-01-16 - 22:25 | over 9 years |
1.11b1 | BSD | 26 | 2017-02-20 - 23:21 | about 7 years |
1.11a1 | BSD | 26 | 2017-01-18 - 01:01 | over 7 years |
1.11rc1 | BSD | 25 | 2017-03-21 - 22:55 | about 7 years |
1.10rc1 | BSD | 25 | 2016-07-18 - 18:04 | almost 8 years |
1.10a1 | BSD | 26 | 2016-05-20 - 12:16 | almost 8 years |
1.10b1 | BSD | 26 | 2016-06-22 - 01:15 | almost 8 years |
4.2rc1 | BSD-3-Clause AND BSD | |||
5.0b1 | BSD-3-Clause AND BSD | |||
5.0rc1 | BSD-3-Clause AND BSD | |||
5.0a1 | BSD-3-Clause AND BSD | |||
4.2b1 | BSD-3-Clause AND BSD | |||
4.2a1 | BSD-3-Clause AND BSD | |||
4.1rc1 | BSD-3-Clause AND BSD | 2 | ||
4.1a1 | BSD-3-Clause AND BSD | 2 | 2022-05-18 - 05:54 | almost 2 years |
4.1b1 | BSD-3-Clause AND BSD | 2 | 2022-06-21 - 09:20 | almost 2 years |