Search CVE reports
1 – 10 of 161 results
Privilege abuse in ModelAdmin.list_editable
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Privilege abuse in GenericInlineModelAdmin
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ASGI header spoofing via underscore/hyphen conflation
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Not affected | Not affected |
Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Needs evaluation | Ignored | Ignored | Ignored |
Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created...
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow...
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 7
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably...
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Ignored | Ignored | Ignored |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with...
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed |
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html`...
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed |