Описание
Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823)
- CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. (bsc#1229824)
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP6
python311-Django-4.2.11-150600.3.9.1
openSUSE Leap 15.6
python311-Django-4.2.11-150600.3.9.1
Ссылки
- Link for SUSE-SU-2024:3161-1
- E-Mail link for SUSE-SU-2024:3161-1
- SUSE Security Ratings
- SUSE Bug 1229823
- SUSE Bug 1229824
- SUSE CVE CVE-2024-45230 page
- SUSE CVE CVE-2024-45231 page
Описание
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.9.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.9.1
Ссылки
- CVE-2024-45230
- SUSE Bug 1229823
Описание
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.9.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.9.1
Ссылки
- CVE-2024-45231
- SUSE Bug 1229824