Djangoproject

Django

153 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.22%
  • Veröffentlicht 07.07.2026 14:10:29
  • Zuletzt bearbeitet 09.07.2026 12:58:17

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses values with newlines ...

  • EPSS 0.29%
  • Veröffentlicht 07.07.2026 14:10:04
  • Zuletzt bearbeitet 09.07.2026 12:59:39

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a...

  • EPSS 0.38%
  • Veröffentlicht 07.07.2026 14:09:32
  • Zuletzt bearbeitet 09.07.2026 13:01:25

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers...

  • EPSS 0.15%
  • Veröffentlicht 03.06.2026 14:16:47
  • Zuletzt bearbeitet 05.06.2026 12:46:04

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a failed `STARTTLS` handshake when `fail_silently=Tru...

  • EPSS 0.29%
  • Veröffentlicht 03.06.2026 14:16:47
  • Zuletzt bearbeitet 05.06.2026 12:38:18

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitively, which allows remote attackers to read responses...

  • EPSS 0.25%
  • Veröffentlicht 03.06.2026 14:16:46
  • Zuletzt bearbeitet 05.06.2026 12:58:16

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and salt argument), which allows a remote attacker to ...

  • EPSS 0.35%
  • Veröffentlicht 03.06.2026 14:16:44
  • Zuletzt bearbeitet 05.06.2026 13:03:01

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header values before comparison, which allows remote attacke...

  • EPSS 0.36%
  • Veröffentlicht 03.06.2026 14:16:41
  • Zuletzt bearbeitet 05.06.2026 13:03:52

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requests bearing that header without `Cache-Control: pu...

  • EPSS 0.36%
  • Veröffentlicht 05.05.2026 16:16:18
  • Zuletzt bearbeitet 07.05.2026 14:16:04

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being stored and serve...

  • EPSS 0.42%
  • Veröffentlicht 05.05.2026 16:16:17
  • Zuletzt bearbeitet 07.05.2026 14:16:39

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory and causing service...