Описание
Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823)
- CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. (bsc#1229824)
Список пакетов
openSUSE Leap 15.5
python3-Django-2.0.7-150000.1.33.1
Ссылки
- Link for SUSE-SU-2024:3139-1
- E-Mail link for SUSE-SU-2024:3139-1
- SUSE Security Ratings
- SUSE Bug 1229823
- SUSE Bug 1229824
- SUSE CVE CVE-2024-45230 page
- SUSE CVE CVE-2024-45231 page
Описание
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Затронутые продукты
openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.33.1
Ссылки
- CVE-2024-45230
- SUSE Bug 1229823
Описание
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
Затронутые продукты
openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.33.1
Ссылки
- CVE-2024-45231
- SUSE Bug 1229824