Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 775
SUSE-SU-2025:02248-1
Security update for python-Django
BDU:2025-09182
Уязвимость обработчика CSV-файлов программной платформы для разработки веб-приложений Django, позволяющая нарушителю выполнить произвольный код
SUSE-SU-2025:01952-1
Security update for python-Django
GHSA-7xr5-9hcq-chf9
Django Improper Output Neutralization for Logs vulnerability
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, ...
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
BDU:2025-06450
Уязвимость функции django.utils.log.log_response() программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ на изменение данных в журнале
SUSE-SU-2025:01523-1
Security update for python-Django
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2025:02248-1 Security update for python-Django | 0% Низкий | 7 месяцев назад | |
 | BDU:2025-09182 Уязвимость обработчика CSV-файлов программной платформы для разработки веб-приложений Django, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.9 | 8 месяцев назад | |
| SUSE-SU-2025:01952-1 Security update for python-Django | 0% Низкий | 8 месяцев назад | |
| GHSA-7xr5-9hcq-chf9 Django Improper Output Neutralization for Logs vulnerability | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
| CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, ... | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 5.4 | 0% Низкий | 8 месяцев назад |
| BDU:2025-06450 Уязвимость функции django.utils.log.log_response() программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ на изменение данных в журнале | CVSS3: 4 | 0% Низкий | 8 месяцев назад |
| SUSE-SU-2025:01523-1 Security update for python-Django | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу