Djangoproject

Django

153 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.2%
  • Veröffentlicht 07.08.2024 15:15:56
  • Zuletzt bearbeitet 04.11.2025 17:16:03

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

  • EPSS 1.26%
  • Veröffentlicht 07.08.2024 15:15:56
  • Zuletzt bearbeitet 04.11.2025 17:16:03

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

  • EPSS 0.95%
  • Veröffentlicht 07.08.2024 15:15:56
  • Zuletzt bearbeitet 04.11.2025 17:16:03

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number...

  • EPSS 1.23%
  • Veröffentlicht 07.08.2024 15:15:56
  • Zuletzt bearbeitet 04.11.2025 17:16:04

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

  • EPSS 1.19%
  • Veröffentlicht 10.07.2024 05:15:12
  • Zuletzt bearbeitet 04.11.2025 17:15:54

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

  • EPSS 0.89%
  • Veröffentlicht 10.07.2024 05:15:12
  • Zuletzt bearbeitet 04.11.2025 17:15:54

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an un...

  • EPSS 1.01%
  • Veröffentlicht 10.07.2024 05:15:12
  • Zuletzt bearbeitet 04.11.2025 17:15:54

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class,...

  • EPSS 28.64%
  • Veröffentlicht 10.07.2024 05:15:12
  • Zuletzt bearbeitet 04.11.2025 17:15:55

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.

  • EPSS 1.85%
  • Veröffentlicht 15.03.2024 20:15:09
  • Zuletzt bearbeitet 04.11.2025 19:17:03

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack vi...

  • EPSS 1.61%
  • Veröffentlicht 06.02.2024 22:16:15
  • Zuletzt bearbeitet 04.11.2025 19:16:57

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.