CVE-2024-38875
- EPSS 0.33%
- Published 10.07.2024 05:15:12
- Last modified 04.11.2025 17:15:54
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
CVE-2024-39329
- EPSS 0.17%
- Published 10.07.2024 05:15:12
- Last modified 04.11.2025 17:15:54
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an un...
CVE-2024-39330
- EPSS 0.19%
- Published 10.07.2024 05:15:12
- Last modified 04.11.2025 17:15:54
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class,...
CVE-2024-39614
- EPSS 6.84%
- Published 10.07.2024 05:15:12
- Last modified 04.11.2025 17:15:55
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
CVE-2024-27351
- EPSS 1.86%
- Published 15.03.2024 20:15:09
- Last modified 04.11.2025 19:17:03
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack vi...
CVE-2024-24680
- EPSS 0.99%
- Published 06.02.2024 22:16:15
- Last modified 04.11.2025 19:16:57
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
CVE-2023-43665
- EPSS 2.79%
- Published 03.11.2023 05:15:30
- Last modified 04.11.2025 18:15:41
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, ...
CVE-2023-41164
- EPSS 0.41%
- Published 03.11.2023 05:15:29
- Last modified 04.11.2025 18:15:41
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
CVE-2023-46695
- EPSS 3.58%
- Published 02.11.2023 06:15:08
- Last modified 21.11.2024 08:29:05
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attac...
CVE-2023-36053
- EPSS 9.6%
- Published 03.07.2023 13:15:09
- Last modified 04.11.2025 18:15:40
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.