Python/django/4.0.6
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
https://pypi.org/project/django
BSD-3-Clause
AND
BSD
3 Security Vulnerabilities
Django has regular expression denial of service vulnerability in EmailValidator/URLValidator
- https://nvd.nist.gov/vuln/detail/CVE-2023-36053
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://groups.google.com/forum/#!forum/django-announce
- https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
- https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
- https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
- https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
- https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
- https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
- https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
- https://www.debian.org/security/2023/dsa-5465
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator
and URLValidator
are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
Django contains Uncontrolled Resource Consumption via cached header
- https://nvd.nist.gov/vuln/detail/CVE-2023-23969
- https://docs.djangoproject.com/en/4.1/releases/security/
- https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
- https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
- https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
- https://groups.google.com/forum/#!forum/django-announce
- https://security.netapp.com/advisory/ntap-20230302-0007/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
Django denial-of-service vulnerability in internationalized URLs
- https://nvd.nist.gov/vuln/detail/CVE-2022-41323
- https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
- https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml
- https://github.com/advisories/GHSA-qrw5-5h28-6cmg
- https://docs.djangoproject.com/en/4.0/releases/security/
- https://groups.google.com/forum/#!forum/django-announce
- https://security.netapp.com/advisory/ntap-20221124-0001/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
- https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1
- https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25
- https://docs.djangoproject.com/en/4.0/releases/security
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
- https://security.netapp.com/advisory/ntap-20221124-0001
- https://www.djangoproject.com/weblog/2022/oct/04/security-releases
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
360 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
4.2.8 | BSD-3-Clause AND BSD | 2 | ||
4.2.7 | BSD-3-Clause AND BSD | 2 | ||
4.2.9 | BSD-3-Clause AND BSD | 2 | ||
3.2.23 | BSD-3-Clause AND BSD | 2 | ||
5.0 | BSD-3-Clause AND BSD | 2 | ||
5.0.1 | BSD-3-Clause AND BSD | 2 | ||
3.1.12 | BSD-3-Clause AND BSD | 1 | 2021-06-02 - 08:53 | almost 3 years |
2.2.27 | BSD | 1 | 2022-02-01 - 07:56 | over 2 years |
3.1.13 | BSD-3-Clause AND BSD | 1 | 2021-07-01 - 07:39 | almost 3 years |
3.0a1 | BSD | 1 | 2019-09-10 - 09:19 | over 4 years |
3.1.14 | BSD-3-Clause AND BSD | 1 | 2021-12-07 - 07:34 | over 2 years |
2.2.28 | BSD | 1 | 2022-04-11 - 07:52 | about 2 years |
3.0.6 | BSD | 8 | 2020-05-04 - 05:26 | about 4 years |
3.0.4 | BSD | 8 | 2020-03-04 - 09:31 | about 4 years |
3.0.5 | BSD | 8 | 2020-04-01 - 07:59 | about 4 years |
2.2.11 | BSD | 10 | 2020-03-04 - 09:31 | about 4 years |
2.2.12 | BSD | 10 | 2020-04-01 - 07:59 | about 4 years |
2.0.10 | BSD | 7 | 2019-01-04 - 14:03 | over 5 years |
1.11.18 | BSD | 12 | 2019-01-04 - 14:10 | over 5 years |
2.1.5 | BSD | 14 | 2019-01-04 - 13:52 | over 5 years |
3.2.24 | BSD-3-Clause AND BSD | 1 | ||
5.0.2 | BSD-3-Clause AND BSD | 1 | ||
4.2.10 | BSD-3-Clause AND BSD | 1 | ||
2.1.15 | BSD | 5 | 2019-12-02 - 08:57 | over 4 years |
2.1rc1 | BSD | 6 | 2018-07-18 - 17:35 | almost 6 years |
2.2b1 | BSD | 6 | 2019-02-11 - 10:33 | about 5 years |
2.2rc1 | BSD | 6 | 2019-03-18 - 08:57 | about 5 years |
2.1a1 | BSD | 6 | 2018-05-18 - 01:01 | almost 6 years |
2.0.13 | BSD | 6 | 2019-02-12 - 10:50 | about 5 years |
2.0.12 | BSD | 6 | 2019-02-11 - 15:10 | about 5 years |
2.1b1 | BSD | 6 | 2018-06-18 - 23:55 | almost 6 years |
2.2a1 | BSD | 6 | 2019-01-17 - 15:35 | over 5 years |
3.0 | BSD | 11 | 2019-12-02 - 11:13 | over 4 years |
2.2.8 | BSD | 13 | 2019-12-02 - 08:57 | over 4 years |
1.11.26 | BSD | 5 | 2019-11-04 - 08:33 | over 4 years |
1.11.23 | BSD | 5 | 2019-08-01 - 09:04 | almost 5 years |
1.11.25 | BSD | 5 | 2019-10-01 - 08:36 | over 4 years |
1.11.24 | BSD | 5 | 2019-09-02 - 07:18 | over 4 years |
2.0 | BSD | 12 | 2017-12-02 - 15:11 | over 6 years |
2.0.1 | BSD | 12 | 2018-01-02 - 00:50 | over 6 years |
1.11.8 | BSD | 17 | 2017-12-02 - 14:20 | over 6 years |
1.11.9 | BSD | 17 | 2018-01-02 - 01:01 | over 6 years |
3.2.14 | BSD-3-Clause AND BSD | 8 | 2022-07-04 - 07:57 | almost 2 years |
3.2.15 | BSD-3-Clause AND BSD | 8 | ||
4.1.1 | BSD-3-Clause AND BSD | 6 | ||
4.1 | BSD-3-Clause AND BSD | 6 | ||
4.0.7 | BSD-3-Clause AND BSD | 3 | ||
4.0.6 | BSD-3-Clause AND BSD | 3 | 2022-07-04 - 07:57 | almost 2 years |
3.2.22 | BSD-3-Clause AND BSD | 3 | ||
4.2.6 | BSD-3-Clause AND BSD | 3 | ||
3.2.21 | BSD-3-Clause AND BSD | 4 | ||
4.2.5 | BSD-3-Clause AND BSD | 4 | ||
4.1.11 | BSD-3-Clause AND BSD | 2 | ||
3.2.20 | BSD-3-Clause AND BSD | 5 | ||
4.2.4 | BSD-3-Clause AND BSD | 5 | ||
4.2.3 | BSD-3-Clause AND BSD | 5 | ||
4.1.10 | BSD-3-Clause AND BSD | 3 | ||
4.1.12 | BSD-3-Clause AND BSD | 1 | ||
3.2b1 | BSD-3-Clause AND BSD | 2 | 2021-02-19 - 09:35 | about 3 years |
3.2rc1 | BSD-3-Clause AND BSD | 2 | 2021-03-18 - 13:55 | about 3 years |
3.0rc1 | BSD | 2 | 2019-11-18 - 08:51 | over 4 years |
3.0b1 | BSD | 2 | 2019-10-14 - 10:21 | over 4 years |
3.2a1 | BSD-3-Clause AND BSD | 2 | 2021-01-19 - 13:04 | over 3 years |
3.2.16 | BSD-3-Clause AND BSD | 7 | ||
4.1.2 | BSD-3-Clause AND BSD | 5 | ||
4.1.5 | BSD-3-Clause AND BSD | 5 | ||
4.1.4 | BSD-3-Clause AND BSD | 5 | ||
4.1.3 | BSD-3-Clause AND BSD | 5 | ||
4.1a1 | BSD-3-Clause AND BSD | 2 | 2022-05-18 - 05:54 | almost 2 years |
4.1rc1 | BSD-3-Clause AND BSD | 2 | ||
4.1b1 | BSD-3-Clause AND BSD | 2 | 2022-06-21 - 09:20 | almost 2 years |
4.0.8 | BSD-3-Clause AND BSD | 2 | ||
4.0b1 | BSD-3-Clause AND BSD | 1 | 2021-10-25 - 09:23 | over 2 years |
4.0a1 | BSD-3-Clause AND BSD | 1 | 2021-09-21 - 19:08 | over 2 years |
4.0rc1 | BSD-3-Clause AND BSD | 1 | 2021-11-22 - 06:37 | over 2 years |
3.2.13 | BSD-3-Clause AND BSD | 9 | 2022-04-11 - 07:52 | about 2 years |
3.2.12 | BSD-3-Clause AND BSD | 9 | 2022-02-01 - 07:56 | over 2 years |
4.0.5 | BSD-3-Clause AND BSD | 4 | 2022-06-01 - 12:22 | almost 2 years |
4.0.4 | BSD-3-Clause AND BSD | 4 | 2022-04-11 - 07:53 | about 2 years |
4.0.3 | BSD-3-Clause AND BSD | 4 | 2022-03-01 - 08:47 | about 2 years |
4.0.2 | BSD-3-Clause AND BSD | 4 | 2022-02-01 - 07:56 | over 2 years |
4.2.1 | BSD-3-Clause AND BSD | 6 | ||
4.2 | BSD-3-Clause AND BSD | 6 | ||
3.2.19 | BSD-3-Clause AND BSD | 6 | ||
3.2.18 | BSD-3-Clause AND BSD | 6 | ||
3.2.17 | BSD-3-Clause AND BSD | 6 | ||
4.2.2 | BSD-3-Clause AND BSD | 6 | ||
4.1.8 | BSD-3-Clause AND BSD | 4 | ||
4.1.9 | BSD-3-Clause AND BSD | 4 | ||
4.1.6 | BSD-3-Clause AND BSD | 4 | ||
4.1.7 | BSD-3-Clause AND BSD | 4 | ||
4.0.9 | BSD-3-Clause AND BSD | 1 | ||
4.0.10 | BSD-3-Clause AND BSD | 1 | ||
2.1.14 | BSD | 6 | 2019-11-04 - 08:33 | over 4 years |
2.1.11 | BSD | 6 | 2019-08-01 - 09:04 | almost 5 years |
2.1.13 | BSD | 6 | 2019-10-01 - 08:36 | over 4 years |
2.1.12 | BSD | 6 | 2019-09-02 - 07:18 | over 4 years |
2.2.4 | BSD | 14 | 2019-08-01 - 09:04 | almost 5 years |
2.2.6 | BSD | 14 | 2019-10-01 - 08:36 | over 4 years |
2.2.5 | BSD | 14 | 2019-09-02 - 07:18 | over 4 years |