Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2022:10103-1

Опубликовано: 27 авг. 2022
Источник: suse-cvrf

Описание

Security update for python-Django

This update for python-Django fixes the following issues:

  • CVE-2022-36359: Fixed potential reflected file download vulnerability in FileResponse (boo#1201923)
    • Backport fix and tests from uptream branch 3.2.X

Список пакетов

SUSE Package Hub 15 SP4
python3-Django-2.2.28-bp154.2.3.3
openSUSE Leap 15.4
python3-Django-2.2.28-bp154.2.3.3

Описание

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.


Затронутые продукты
SUSE Package Hub 15 SP4:python3-Django-2.2.28-bp154.2.3.3
openSUSE Leap 15.4:python3-Django-2.2.28-bp154.2.3.3

Ссылки