Description
Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2023-31047: Fixed a potential bypass of validation when uploading multiple files using one form field (bsc#1210866).
- CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (bsc#1212742).
Package list
openSUSE Leap 15.5
python3-Django-2.0.7-150000.1.11.1
References
- Link for SUSE-SU-2023:2839-1
- E-Mail link for SUSE-SU-2023:2839-1
- SUSE Security Ratings
- SUSE Bug 1210866
- SUSE Bug 1212742
- SUSE CVE CVE-2023-31047 page
- SUSE CVE CVE-2023-36053 page
Description
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
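The defect described above, modelled in plain Python as an added example (this is not Django's code): a browser can POST several files under one field name, and a form field whose clean() only looks at the last file leaves the others unvalidated while the view, following the old "Uploading multiple files" recipe, saves all of them. The Upload class, the extension and size rules, and the sample file names are constructed for the illustration.

```python
# Added illustration (not Django's code): minimal model of CVE-2023-31047.
ALLOWED_EXTENSIONS = {"png", "jpg", "pdf"}  # assumed policy for this example
MAX_SIZE = 1_000_000                         # assumed size limit in bytes


class ValidationError(Exception):
    pass


class Upload:
    """Stand-in for an uploaded file object (constructed sample data)."""

    def __init__(self, name, size):
        self.name, self.size = name, size


def validate_one(upload):
    """Per-file checks that a FileField's validators would apply."""
    ext = upload.name.rsplit(".", 1)[-1].lower() if "." in upload.name else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValidationError(f"{upload.name}: extension not allowed")
    if upload.size > MAX_SIZE:
        raise ValidationError(f"{upload.name}: too large")
    return upload


def clean_last_only(data):
    """Pre-fix behaviour: a multi-file submission collapses to its last
    element, so every earlier file is never validated."""
    if isinstance(data, (list, tuple)):
        data = data[-1]
    return validate_one(data)


def clean_every_file(data):
    """Fixed behaviour: validate each uploaded file and return them all."""
    if not isinstance(data, (list, tuple)):
        data = [data]
    return [validate_one(u) for u in data]


def handle_upload(clean, files):
    """Model of the old documented view: if the form validates, every file
    from request.FILES.getlist() is saved. Returns the saved names, or []
    when validation rejected the submission."""
    try:
        clean(files)
    except ValidationError:
        return []
    return [u.name for u in files]
```

With the last-only field, a submission whose final file is clean passes validation and the disallowed files before it are saved; validating every element closes the gap.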
Affected products
openSUSE Leap 15.5: python3-Django-2.0.7-150000.1.11.1
References
- CVE-2023-31047
- SUSE Bug 1210866
Description
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
Affected products
openSUSE Leap 15.5: python3-Django-2.0.7-150000.1.11.1
References
- CVE-2023-36053
- SUSE Bug 1212742