Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 750
GHSA-3jqw-crqj-w8qw
Denial of service in django
GHSA-h95j-h2rv-qrg4
Django Cross-Site Request Forgery vulnerability
GHSA-5j2h-h5hg-3wf8
Cross-site request forgery in Django
CVE-2018-7537
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
CVE-2018-7537
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...
CVE-2018-7536
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
CVE-2018-7536
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...
CVE-2018-7537
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
CVE-2018-7536
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
BDU:2018-01507
Уязвимость функции django.utils.html.urlize и методов chars и words объектов django.utils.text.Truncator программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-3jqw-crqj-w8qw Denial of service in django | CVSS3: 7.5 | 2% Низкий | больше 7 лет назад |
| GHSA-h95j-h2rv-qrg4 Django Cross-Site Request Forgery vulnerability | CVSS3: 7.5 | 0% Низкий | больше 7 лет назад |
| GHSA-5j2h-h5hg-3wf8 Cross-site request forgery in Django | CVSS3: 7.5 | 3% Низкий | больше 7 лет назад |
 | CVE-2018-7537 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | CVSS3: 5.3 | 1% Низкий | почти 8 лет назад |
| CVE-2018-7537 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ... | CVSS3: 5.3 | 1% Низкий | почти 8 лет назад |
| CVE-2018-7536 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | CVSS3: 5.3 | 1% Низкий | почти 8 лет назад |
| CVE-2018-7536 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ... | CVSS3: 5.3 | 1% Низкий | почти 8 лет назад |
 | CVE-2018-7537 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | CVSS3: 5.3 | 1% Низкий | почти 8 лет назад |
| CVE-2018-7536 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | CVSS3: 5.3 | 1% Низкий | почти 8 лет назад |
 | BDU:2018-01507 Уязвимость функции django.utils.html.urlize и методов chars и words объектов django.utils.text.Truncator программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.3 | 1% Низкий | почти 8 лет назад |
Уязвимостей на страницу