Djangoproject

Django

123 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-45230

  • EPSS 0.33%
  • Veröffentlicht 08.10.2024 16:15:11
  • Zuletzt bearbeitet 17.03.2025 15:15:41

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of charact...

5.3

CVE-2024-45231

  • EPSS 0.06%
  • Veröffentlicht 08.10.2024 16:15:11
  • Zuletzt bearbeitet 17.03.2025 18:15:17

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending passwor...

7.5

CVE-2024-41989

  • EPSS 0.42%
  • Veröffentlicht 07.08.2024 15:15:56
  • Zuletzt bearbeitet 14.03.2025 19:15:47

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

7.5

CVE-2024-41990

  • EPSS 0.54%
  • Veröffentlicht 07.08.2024 15:15:56
  • Zuletzt bearbeitet 07.08.2024 20:49:50

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

7.5

CVE-2024-41991

  • EPSS 0.28%
  • Veröffentlicht 07.08.2024 15:15:56
  • Zuletzt bearbeitet 07.08.2024 20:48:22

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number...

7.3

CVE-2024-42005

  • EPSS 0.11%
  • Veröffentlicht 07.08.2024 15:15:56
  • Zuletzt bearbeitet 23.10.2024 18:22:48

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

7.5

CVE-2024-38875

  • EPSS 0.3%
  • Veröffentlicht 10.07.2024 05:15:12
  • Zuletzt bearbeitet 16.06.2025 21:39:39

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

5.3

CVE-2024-39329

  • EPSS 0.11%
  • Veröffentlicht 10.07.2024 05:15:12
  • Zuletzt bearbeitet 16.06.2025 21:39:25

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an un...

4.3

CVE-2024-39330

  • EPSS 0.13%
  • Veröffentlicht 10.07.2024 05:15:12
  • Zuletzt bearbeitet 16.06.2025 21:39:07

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class,...

7.5

CVE-2024-39614

  • EPSS 5.72%
  • Veröffentlicht 10.07.2024 05:15:12
  • Zuletzt bearbeitet 16.06.2025 21:38:55

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.