Описание
Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2022-36359: Fixed potential reflected file download vulnerability in FileResponse (boo#1201923)
- Backport fix and tests from uptream branch 3.2.X
Список пакетов
SUSE Package Hub 15 SP4
python3-Django-2.2.28-bp154.2.3.3
openSUSE Leap 15.4
python3-Django-2.2.28-bp154.2.3.3
Ссылки
- E-Mail link for openSUSE-SU-2022:10103-1
- SUSE Security Ratings
- SUSE Bug 1201923
- SUSE CVE CVE-2022-36359 page
Описание
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.
Затронутые продукты
SUSE Package Hub 15 SP4:python3-Django-2.2.28-bp154.2.3.3
openSUSE Leap 15.4:python3-Django-2.2.28-bp154.2.3.3
Ссылки
- CVE-2022-36359
- SUSE Bug 1201923