Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 775
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
GHSA-h5jv-4p7w-64jg
Django Denial-of-service in strip_tags()
GHSA-v9qg-3j8p-r63v
Uncontrolled Recursion in Django
GHSA-c4qh-4vgv-qc6g
Django Denial-of-service in django.utils.text.Truncator
CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-14234 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | CVSS3: 9.8 | 19% Средний | больше 6 лет назад |
| CVE-2019-14234 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ... | CVSS3: 9.8 | 19% Средний | больше 6 лет назад |
 | CVE-2019-14234 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | CVSS3: 9.8 | 19% Средний | больше 6 лет назад |
| GHSA-h5jv-4p7w-64jg Django Denial-of-service in strip_tags() | CVSS3: 7.5 | 5% Низкий | больше 6 лет назад |
| GHSA-v9qg-3j8p-r63v Uncontrolled Recursion in Django | CVSS3: 7.5 | 5% Низкий | больше 6 лет назад |
| GHSA-c4qh-4vgv-qc6g Django Denial-of-service in django.utils.text.Truncator | CVSS3: 7.5 | 3% Низкий | больше 6 лет назад |
| CVE-2019-14235 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. | CVSS3: 7.5 | 5% Низкий | больше 6 лет назад |
| CVE-2019-14235 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ... | CVSS3: 7.5 | 5% Низкий | больше 6 лет назад |
| CVE-2019-14233 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. | CVSS3: 7.5 | 5% Низкий | больше 6 лет назад |
| CVE-2019-14233 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ... | CVSS3: 7.5 | 5% Низкий | больше 6 лет назад |
Уязвимостей на страницу