Python/django/4.1.10
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
https://pypi.org/project/django
BSD-3-Clause AND BSD
3 Security Vulnerabilities
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
- https://nvd.nist.gov/vuln/detail/CVE-2023-41164
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://groups.google.com/forum/#!forum/django-announce
- https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
- https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
- https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
- https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
- https://github.com/advisories/GHSA-7h4p-27mh-hmrw
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/
- https://security.netapp.com/advisory/ntap-20231214-0002/
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, `django.utils.encoding.uri_to_iri()` is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Django Denial-of-service in django.utils.text.Truncator
- https://nvd.nist.gov/vuln/detail/CVE-2023-43665
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://groups.google.com/forum/#!forum/django-announce
- https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
- https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
- https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
- https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
- https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
- https://security.netapp.com/advisory/ntap-20231221-0001
- http://www.openwall.com/lists/oss-security/2024/03/04/1
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the `django.utils.text.Truncator` `chars()` and `words()` methods (when used with `html=True`) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The `chars()` and `words()` methods are used to implement the `truncatechars_html` and `truncatewords_html` template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
Django potential denial of service vulnerability in UsernameField on Windows
- https://nvd.nist.gov/vuln/detail/CVE-2023-46695
- https://docs.djangoproject.com/en/4.2/releases/security/
- https://groups.google.com/forum/#!forum/django-announce
- https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
- https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
- https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
- https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
- https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
- https://security.netapp.com/advisory/ntap-20231214-0001/
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
358 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
1.9.8 | BSD | 11 | 2016-07-18 - 18:19 | almost 8 years |
1.9.7 | BSD | 12 | 2016-06-04 - 23:43 | almost 8 years |
1.9.6 | BSD | 12 | 2016-05-02 - 22:33 | about 8 years |
1.9.5 | BSD | 12 | 2016-04-01 - 17:47 | about 8 years |
1.9.4 | BSD | 12 | 2016-03-05 - 14:31 | about 8 years |
1.9.3 | BSD | 12 | 2016-03-01 - 17:00 | about 8 years |
1.9.2 | BSD | 14 | 2016-02-01 - 17:17 | over 8 years |
1.9.1 | BSD | 15 | 2016-01-02 - 13:50 | over 8 years |
1.9 | BSD | 15 | 2015-12-01 - 23:55 | over 8 years |
1.8.19 | BSD | 6 | 2018-03-06 - 14:22 | about 6 years |
1.8.18 | BSD | 8 | 2017-04-04 - 14:07 | about 7 years |
1.8.17 | BSD | 10 | 2016-12-01 - 23:03 | over 7 years |
1.8.16 | BSD | 10 | 2016-11-01 - 14:09 | over 7 years |
1.8.15 | BSD | 12 | 2016-09-26 - 18:30 | over 7 years |
1.8.14 | BSD | 13 | 2016-07-18 - 18:38 | almost 8 years |
1.8.13 | BSD | 14 | 2016-05-02 - 22:49 | about 8 years |
1.8.12 | BSD | 14 | 2016-04-01 - 17:54 | about 8 years |
1.8.11 | BSD | 14 | 2016-03-05 - 18:36 | about 8 years |
1.8.10 | BSD | 14 | 2016-03-01 - 17:10 | about 8 years |
1.8.9 | BSD | 16 | 2016-02-01 - 17:24 | over 8 years |
1.8.8 | BSD | 16 | 2016-01-02 - 14:28 | over 8 years |
1.8.7 | BSD | 16 | 2015-11-24 - 17:28 | over 8 years |
1.8.6 | BSD | 17 | 2015-11-04 - 17:03 | over 8 years |
1.8.5 | BSD | 17 | 2015-10-04 - 00:06 | over 8 years |
1.8.4 | BSD | 17 | 2015-08-18 - 17:06 | over 8 years |
1.8.3 | BSD | 18 | 2015-07-08 - 19:43 | almost 9 years |
1.8.2 | BSD | 21 | 2015-05-20 - 18:02 | almost 9 years |
1.8.1 | BSD | 21 | 2015-05-01 - 20:36 | about 9 years |
1.8 | BSD | 21 | 2015-04-01 - 20:12 | about 9 years |
1.7.11 | BSD | 10 | 2015-11-24 - 17:19 | over 8 years |
1.7.10 | BSD | 11 | 2015-08-18 - 17:15 | over 8 years |
1.7.9 | BSD | 12 | 2015-07-08 - 21:33 | almost 9 years |
1.7.8 | BSD | 14 | 2015-05-01 - 20:42 | about 9 years |
1.7.7 | BSD | 14 | 2015-03-18 - 23:49 | about 9 years |
1.7.6 | BSD | 14 | 2015-03-09 - 15:30 | about 9 years |
1.7.5 | BSD | 15 | 2015-02-25 - 13:58 | about 9 years |
1.7.4 | BSD | 15 | 2015-01-27 - 17:22 | over 9 years |
1.7.3 | BSD | 15 | 2015-01-13 - 18:39 | over 9 years |
1.7.2 | BSD | 18 | 2015-01-03 - 01:37 | over 9 years |
1.7.1 | BSD | 18 | 2014-10-22 - 16:56 | over 9 years |
1.7 | BSD | 18 | 2014-09-02 - 21:09 | over 9 years |
1.6.11 | BSD | 13 | 2015-03-18 - 23:57 | about 9 years |
1.6.10 | BSD | 13 | 2015-01-13 - 18:48 | over 9 years |
1.6.9 | BSD | 16 | 2015-01-03 - 01:52 | over 9 years |
1.6.8 | BSD | 16 | 2014-10-22 - 16:50 | over 9 years |
1.6.7 | BSD | 16 | 2014-09-02 - 20:55 | over 9 years |
1.6.6 | BSD | 16 | 2014-08-20 - 20:17 | over 9 years |
1.6.5 | BSD | 19 | 2014-05-14 - 18:33 | almost 10 years |
1.6.4 | BSD | 21 | 2014-04-28 - 20:40 | about 10 years |
1.6.3 | BSD | 21 | 2014-04-21 - 23:12 | about 10 years |
1.6.2 | BSD | 23 | 2014-02-06 - 21:51 | about 10 years |
1.6.1 | BSD | 23 | 2013-12-12 - 20:04 | over 10 years |
1.6 | BSD | 23 | 2013-11-06 - 15:01 | over 10 years |
1.5.12 | BSD | 13 | 2015-01-03 - 02:09 | over 9 years |
1.5.11 | BSD | 13 | 2014-10-22 - 16:45 | over 9 years |
1.5.10 | BSD | 13 | 2014-09-02 - 20:51 | over 9 years |
1.5.9 | BSD | 13 | 2014-08-20 - 20:10 | over 9 years |
1.5.8 | BSD | 16 | 2014-05-14 - 18:35 | almost 10 years |
1.5.7 | BSD | 18 | 2014-04-28 - 20:35 | about 10 years |
1.5.6 | BSD | 18 | 2014-04-21 - 22:53 | about 10 years |
1.5.5 | BSD | 20 | 2013-10-25 - 04:32 | over 10 years |
1.5.4 | BSD | 20 | 2013-09-15 - 06:30 | over 10 years |
1.5.3 | BSD | 21 | 2013-09-11 - 01:26 | over 10 years |
1.5.2 | BSD | 22 | 2013-08-13 - 16:54 | over 10 years |
1.5.1 | BSD | 24 | 2013-03-28 - 20:57 | about 11 years |
1.5 | BSD | 24 | 2013-02-26 - 19:30 | about 11 years |
1.4.22 | BSD | 11 | 2015-08-18 - 17:22 | over 8 years |
1.4.21 | BSD | 12 | 2015-07-08 - 19:56 | almost 9 years |
1.4.20 | BSD | 14 | 2015-03-19 - 00:03 | about 9 years |
1.4.19 | BSD | 14 | 2015-01-27 - 17:11 | over 9 years |
1.4.18 | BSD | 14 | 2015-01-13 - 18:54 | over 9 years |
1.4.17 | BSD | 17 | 2015-01-03 - 02:20 | over 9 years |
1.4.16 | BSD | 17 | 2014-10-22 - 16:37 | over 9 years |
1.4.15 | BSD | 17 | 2014-09-02 - 20:44 | over 9 years |
1.4.14 | BSD | 17 | 2014-08-20 - 20:01 | over 9 years |
1.4.13 | BSD | 20 | 2014-05-14 - 18:27 | almost 10 years |
1.4.12 | BSD | 22 | 2014-04-28 - 20:30 | about 10 years |
1.4.11 | BSD | 22 | 2014-04-21 - 22:40 | about 10 years |
1.4.10 | BSD | 24 | 2013-11-06 - 14:21 | over 10 years |
1.4.9 | BSD | 24 | 2013-10-25 - 04:38 | over 10 years |
1.4.8 | BSD | 24 | 2013-09-15 - 06:22 | over 10 years |
1.4.7 | BSD | 25 | 2013-09-11 - 01:18 | over 10 years |
1.4.6 | BSD | 26 | 2013-08-13 - 16:52 | over 10 years |
1.4.5 | BSD | 27 | 2013-02-20 - 19:54 | about 11 years |
1.4.4 | BSD | 27 | 2013-02-19 - 20:27 | about 11 years |
1.4.3 | BSD | 29 | 2012-12-10 - 21:46 | over 11 years |
1.4.2 | BSD | 29 | 2012-10-17 - 22:18 | over 11 years |
1.4.1 | BSD | 30 | 2012-07-30 - 22:48 | almost 12 years |
1.4 | BSD | 32 | 2012-03-23 - 18:00 | about 12 years |
1.3.7 | BSD | 21 | 2013-02-20 - 20:03 | about 11 years |
1.3.6 | BSD | 21 | 2013-02-19 - 20:32 | about 11 years |
1.3.5 | BSD | 23 | 2012-12-10 - 21:39 | over 11 years |
1.3.4 | BSD | 23 | 2013-03-05 - 22:33 | about 11 years |
1.3.3 | BSD | 24 | 2012-08-01 - 22:08 | almost 12 years |
1.3.2 | BSD | 24 | 2012-07-30 - 23:02 | almost 12 years |
1.3.1 | BSD | 26 | 2011-09-10 - 03:36 | over 12 years |
1.3 | BSD | 30 | 2011-03-23 - 06:09 | about 13 years |
1.2.7 | BSD | 23 | 2011-09-11 - 03:05 | over 12 years |
1.2.6 | BSD | 27 | 2011-09-10 - 03:42 | over 12 years |
1.2.5 | BSD | 27 | 2011-02-09 - 04:08 | about 13 years |