Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2023:0005-1

Опубликовано: 03 янв. 2023
Источник: suse-cvrf

Описание

Security update for python-Django

This update for python-Django fixes the following issues:

  • CVE-2022-41323: Fixed potential denial-of-service vulnerability in internationalized URLs (boo#1203793)

  • CVE-2022-36359: Fixed a potential reflected file download vulnerability in FileResponse (boo#1201923)

  • Update from 2.2.12 to 2.2.28 (boo#1198297)

    2.2.28:

    • CVE-2022-28346: Fixed potential SQL injection in QuerySet.annotate(), aggregate(), and extra() (bsc#1198398)
    • CVE-2022-28347: Fixed potential SQL injection via QuerySet.explain(**options) (bsc#1198399)

    2.2.27:

    • CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086)
    • CVE-2022-23833: Fixed denial-of-service possibility in file uploads (bsc#1195088)

    2.2.26:

    • CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator (bsc#1194115)
    • CVE-2021-45116: Potential information disclosure in dictsort template filter (bsc#1194117)
    • CVE-2021-45452: Potential directory-traversal via Storage.save() (bsc#)

    2.2.25:

    • CVE-2021-44420: Potential bypass of an upstream access control based on URL paths (bsc#1193240)

    2.2.24:

    • CVE-2021-33203: Potential directory traversal via admindocs
    • CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses

    2.2.23:

    • regression fix

    2.2.22:

    • CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+

Список пакетов

SUSE Package Hub 15 SP3
python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3
python3-Django-2.2.28-bp153.2.3.1

Ссылки

Описание

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки

Описание

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

Затронутые продукты
SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1
openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1
Ссылки