Django is a free web application framework written in Python that uses the MVC design pattern
Release cycle, vulnerability information
Release schedule
Count 678
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-5hgc-2vfp-mqvc Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters | CVSS3: 5.3 | 0% Low | 10 months ago
GHSA-rrqc-c2jx-6jgv Django allows enumeration of user e-mail addresses | CVSS3: 3.7 | 0% Low | 10 months ago
CVE-2024-45231 An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). | CVSS3: 5.3 | 0% Low | 10 months ago
CVE-2024-45231 An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The dja ... | CVSS3: 5.3 | 0% Low | 10 months ago
CVE-2024-45230 An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | CVSS3: 7.5 | 0% Low | 10 months ago
CVE-2024-45230 An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, ... | CVSS3: 7.5 | 0% Low | 10 months ago
CVE-2024-45231 An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). | CVSS3: 5.3 | 0% Low | 10 months ago
CVE-2024-45230 An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | CVSS3: 7.5 | 0% Low | 10 months ago
SUSE-SU-2024:3187-1 Security update for python-Django | | 0% Low | 11 months ago
CVE-2024-45231 An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). | CVSS3: 3.7 | 0% Low | 11 months ago