Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC

Релизный цикл, информация об уязвимостях

Продукт: Django

Вендор: djangoproject

График релизов

Недавние уязвимости Django

Количество 751

CVE-2024-56374

около 1 года назад

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, ...

CVSS3: 5.8

EPSS: Низкий

CVE-2024-56374

около 1 года назад

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)

CVSS3: 5.8

EPSS: Низкий

CVE-2024-56374

около 1 года назад

CVSS3: 5.8

EPSS: Низкий

BDU:2025-01179

около 1 года назад

Уязвимость функций clean_ipv6_address и is_valid_ipv6_address программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 5.8

EPSS: Низкий

GHSA-m9g8-fxxm-xg86

около 1 года назад

Django SQL injection in HasKey(lhs, rhs) on Oracle

CVSS3: 9.8

EPSS: Низкий

GHSA-8498-2h75-472j

около 1 года назад

Django denial-of-service in django.utils.html.strip_tags()

CVSS3: 7.5

EPSS: Низкий

CVE-2024-53908

около 1 года назад

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)

CVSS3: 9.8

EPSS: Низкий

CVE-2024-53908

около 1 года назад

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...

CVSS3: 9.8

EPSS: Низкий

CVE-2024-53907

около 1 года назад

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-53907

около 1 года назад

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2024-56374 An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, ...	CVSS3: 5.8	0% Низкий	около 1 года назад
CVE-2024-56374 An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)	CVSS3: 5.8	0% Низкий	около 1 года назад
CVE-2024-56374 An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)	CVSS3: 5.8	0% Низкий	около 1 года назад
BDU:2025-01179 Уязвимость функций clean_ipv6_address и is_valid_ipv6_address программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 5.8	0% Низкий	около 1 года назад
GHSA-m9g8-fxxm-xg86 Django SQL injection in HasKey(lhs, rhs) on Oracle	CVSS3: 9.8	1% Низкий	около 1 года назад
GHSA-8498-2h75-472j Django denial-of-service in django.utils.html.strip_tags()	CVSS3: 7.5	1% Низкий	около 1 года назад
CVE-2024-53908 An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)	CVSS3: 9.8	1% Низкий	около 1 года назад
CVE-2024-53908 An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...	CVSS3: 9.8	1% Низкий	около 1 года назад
CVE-2024-53907 An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.	CVSS3: 7.5	1% Низкий	около 1 года назад
CVE-2024-53907 An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...	CVSS3: 7.5	1% Низкий	около 1 года назад

Уязвимостей на страницу