Django is a free web application framework written in Python that uses the MVC design pattern
Release cycle, vulnerability information
Release schedule
Count: 751
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-jh75-99hh-qvx9: Django memory consumption vulnerability | CVSS3: 5.3 | 1% (Low) | more than 1 year ago |
| GHSA-pv4p-cwwg-4rph: Django SQL injection vulnerability | CVSS3: 9.1 | 0% (Low) | more than 1 year ago |
| GHSA-795c-9xpc-xw6g: Django vulnerable to a denial-of-service attack | CVSS3: 5.3 | 1% (Low) | more than 1 year ago |
| CVE-2024-42005: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | CVSS3: 7.3 | 0% (Low) | more than 1 year ago |
| CVE-2024-41991: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | CVSS3: 7.5 | 1% (Low) | more than 1 year ago |
| CVE-2024-41990: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | CVSS3: 7.5 | 1% (Low) | more than 1 year ago |
| CVE-2024-41989: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. | CVSS3: 7.5 | 1% (Low) | more than 1 year ago |