Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Django
(Djangoproject)| Repositories | https://github.com/django/django |
| #Vulnerabilities | 107 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-07 | CVE-2024-42005 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | Django | 9.8 | ||
| 2024-08-07 | CVE-2024-41989 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. | Django | 7.5 | ||
| 2024-08-07 | CVE-2024-41991 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | Django | 7.5 | ||
| 2024-08-07 | CVE-2024-41990 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | Django | 7.5 |