Python/django/4.2.13
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
https://pypi.org/project/django
BSD-3-Clause
AND
BSD
2 Security Vulnerabilities
Django denial-of-service in django.utils.html.strip_tags()
Published date: 2024-12-06T12:30:47Z
CVE: CVE-2024-53907
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-53907
- https://docs.djangoproject.com/en/dev/releases/security
- https://groups.google.com/g/django-announce
- https://www.openwall.com/lists/oss-security/2024/12/04/3
- https://www.djangoproject.com/weblog/2024/dec/04/security-releases
- https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml
- https://github.com/advisories/GHSA-8498-2h75-472j
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
Affected versions:
["4.2", "4.2.1", "4.2.2", "4.2.3", "4.2.4", "4.2.5", "4.2.6", "4.2.7", "4.2.8", "4.2.9", "4.2.10", "4.2.11", "4.2.12", "4.2.13", "4.2.14", "4.2.15", "4.2.16", "5.0", "5.0.1", "5.0.2", "5.0.3", "5.0.4", "5.0.5", "5.0.6", "5.0.7", "5.0.8", "5.0.9", "5.1", "5.1.1", "5.1.2", "5.1.3"]
Secure versions:
[2.2.27, 2.2.28, 3.0a1, 3.1.12, 3.1.13, 3.1.14, 3.2.25, 4.1.13, 4.2.17, 4.2.18, 4.2.19, 4.2.20, 4.2.21, 4.2.22, 4.2.23, 4.2a1, 4.2b1, 4.2rc1, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0a1, 5.0b1, 5.0rc1, 5.1.10, 5.1.11, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1a1, 5.1b1, 5.1rc1, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2a1, 5.2b1, 5.2rc1]
Recommendation:
Update to version 5.2.3.
Django SQL injection in HasKey(lhs, rhs) on Oracle
Published date: 2024-12-06T12:30:47Z
CVE: CVE-2024-53908
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-53908
- https://docs.djangoproject.com/en/dev/releases/security
- https://groups.google.com/g/django-announce
- https://www.openwall.com/lists/oss-security/2024/12/04/3
- https://www.djangoproject.com/weblog/2024/dec/04/security-releases
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml
- https://github.com/advisories/GHSA-m9g8-fxxm-xg86
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.haskey lookup via _ are unaffected.)
Affected versions:
["4.2", "4.2.1", "4.2.2", "4.2.3", "4.2.4", "4.2.5", "4.2.6", "4.2.7", "4.2.8", "4.2.9", "4.2.10", "4.2.11", "4.2.12", "4.2.13", "4.2.14", "4.2.15", "4.2.16", "5.0", "5.0.1", "5.0.2", "5.0.3", "5.0.4", "5.0.5", "5.0.6", "5.0.7", "5.0.8", "5.0.9", "5.1", "5.1.1", "5.1.2", "5.1.3"]
Secure versions:
[2.2.27, 2.2.28, 3.0a1, 3.1.12, 3.1.13, 3.1.14, 3.2.25, 4.1.13, 4.2.17, 4.2.18, 4.2.19, 4.2.20, 4.2.21, 4.2.22, 4.2.23, 4.2a1, 4.2b1, 4.2rc1, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0a1, 5.0b1, 5.0rc1, 5.1.10, 5.1.11, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1a1, 5.1b1, 5.1rc1, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2a1, 5.2b1, 5.2rc1]
Recommendation:
Update to version 5.2.3.
400 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 2.2a1 | BSD | 3 | 2019-01-17 - 15:35 | over 6 years |
| 2.2b1 | BSD | 3 | 2019-02-11 - 10:33 | over 6 years |
| 3.0rc1 | BSD | 1 | 2019-11-18 - 08:51 | over 5 years |
| 3.1b1 | BSD-3-Clause AND BSD | 2 | 2020-06-15 - 08:15 | about 5 years |
| 3.2b1 | BSD-3-Clause AND BSD | 1 | 2021-02-19 - 09:35 | over 4 years |
| 1.11rc1 | BSD | 24 | 2017-03-21 - 22:55 | over 8 years |
| 4.0a1 | BSD-3-Clause AND BSD | 1 | 2021-09-21 - 19:08 | almost 4 years |
| 4.0b1 | BSD-3-Clause AND BSD | 1 | 2021-10-25 - 09:23 | over 3 years |
| 1.10b1 | BSD | 25 | 2016-06-22 - 01:15 | about 9 years |
| 4.0rc1 | BSD-3-Clause AND BSD | 1 | 2021-11-22 - 06:37 | over 3 years |
| 4.1a1 | BSD-3-Clause AND BSD | 2 | 2022-05-18 - 05:54 | about 3 years |
| 4.1b1 | BSD-3-Clause AND BSD | 2 | 2022-06-21 - 09:20 | about 3 years |
| 4.1rc1 | BSD-3-Clause AND BSD | 2 | 1970-01-01 - 00:00 | over 55 years |
| 4.2a1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 4.2b1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 4.2rc1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 1.8b2 | BSD | 6 | 2015-03-09 - 15:55 | over 10 years |
| 5.0a1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 5.0b1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 5.0rc1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 1.11a1 | BSD | 25 | 2017-01-18 - 01:01 | over 8 years |
| 1.11b1 | BSD | 25 | 2017-02-20 - 23:21 | over 8 years |
| 5.1a1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 2.1a1 | BSD | 3 | 2018-05-18 - 01:01 | about 7 years |
| 5.1b1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 5.1rc1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 3.1a1 | BSD-3-Clause AND BSD | 1 | 2020-05-14 - 09:41 | about 5 years |
| 5.2a1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 1.8a1 | BSD | 6 | 2015-01-16 - 22:25 | over 10 years |
| 3.1rc1 | BSD-3-Clause AND BSD | 2 | 2020-07-20 - 06:38 | almost 5 years |
| 5.2b1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 5.2rc1 | BSD-3-Clause AND BSD | 1970-01-01 - 00:00 | over 55 years | |
| 1.8b1 | BSD | 7 | 2015-02-25 - 13:42 | over 10 years |
| 1.8c1 | BSD | 5 | 2015-03-18 - 23:39 | over 10 years |
| 1.9rc1 | BSD | 3 | 2015-11-16 - 21:10 | over 9 years |
| 2.0b1 | BSD | 2 | 2017-10-17 - 02:00 | over 7 years |
| 1.9b1 | BSD | 3 | 2015-10-20 - 01:17 | over 9 years |
| 3.0b1 | BSD | 1 | 2019-10-14 - 10:21 | over 5 years |
| 3.2a1 | BSD-3-Clause AND BSD | 1 | 2021-01-19 - 13:04 | over 4 years |
| 1.9rc2 | BSD | 2 | 2015-11-24 - 17:35 | over 9 years |
| 2.0rc1 | BSD | 2 | 2017-11-15 - 23:51 | over 7 years |
| 2.1b1 | BSD | 3 | 2018-06-18 - 23:55 | about 7 years |
| 3.2rc1 | BSD-3-Clause AND BSD | 1 | 2021-03-18 - 13:55 | over 4 years |
| 2.2rc1 | BSD | 3 | 2019-03-18 - 08:57 | over 6 years |
| 1.10rc1 | BSD | 24 | 2016-07-18 - 18:04 | almost 9 years |
| 3.0a1 | BSD | 2019-09-10 - 09:19 | almost 6 years | |
| 1.10a1 | BSD | 25 | 2016-05-20 - 12:16 | about 9 years |
| 1.9a1 | BSD | 3 | 2015-09-24 - 00:20 | almost 10 years |
| 2.0a1 | BSD | 2 | 2017-09-22 - 18:09 | almost 8 years |
| 2.1rc1 | BSD | 3 | 2018-07-18 - 17:35 | almost 7 years |