Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Vulnerabilities
| CVE |
Severity |
 CVSS |
Dependency |
Type |
Fixed in (Django version) |
Remediation Possible** |
| CVE-2023-31047 |
 Critical |
9.8 |
Django-3.2.18-py3-none-any.whl |
Direct |
Django - 3.2.19,4.1.9,4.2.1 |
✅ |
| CVE-2024-24680 |
 High |
7.5 |
Django-3.2.18-py3-none-any.whl |
Direct |
Django - 3.2.24,4.2.10,5.0.2 |
✅ |
| CVE-2023-46695 |
High |
7.5 |
Django-3.2.18-py3-none-any.whl |
Direct |
Django - 3.2.23,4.1.13,4.2.7 |
✅ |
| CVE-2023-43665 |
High |
7.5 |
Django-3.2.18-py3-none-any.whl |
Direct |
Django - 3.2.22,4.1.12,4.2.6 |
✅ |
| CVE-2023-41164 |
High |
7.5 |
Django-3.2.18-py3-none-any.whl |
Direct |
Django - 3.2.21,4.1.11,4.2.5 |
✅ |
| CVE-2023-36053 |
High |
7.5 |
Django-3.2.18-py3-none-any.whl |
Direct |
Django -3.2.20,4.1.10,4.2.3 |
✅ |
| CVE-2024-27351 |
 Medium |
5.3 |
Django-3.2.18-py3-none-any.whl |
Direct |
Django - 3.2.25,4.2.11,5.0.3 |
✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-31047
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ Django-3.2.18-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
Publish Date: 2023-05-07
URL: CVE-2023-31047
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2023/q2/110
Release Date: 2023-05-07
Fix Resolution: Django - 3.2.19,4.1.9,4.2.1
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-24680
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ Django-3.2.18-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Publish Date: 2024-02-06
URL: CVE-2024-24680
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
Release Date: 2024-02-06
Fix Resolution: Django - 3.2.24,4.2.10,5.0.2
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-46695
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ Django-3.2.18-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Publish Date: 2023-11-02
URL: CVE-2023-46695
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
Release Date: 2023-10-25
Fix Resolution: Django - 3.2.23,4.1.13,4.2.7
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-43665
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ Django-3.2.18-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
Publish Date: 2023-11-03
URL: CVE-2023-43665
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2023-43665
Release Date: 2023-11-03
Fix Resolution: Django - 3.2.22,4.1.12,4.2.6
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-41164
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ Django-3.2.18-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Publish Date: 2023-11-03
URL: CVE-2023-41164
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
Release Date: 2023-11-03
Fix Resolution: Django - 3.2.21,4.1.11,4.2.5
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-36053
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ Django-3.2.18-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
Publish Date: 2023-07-03
URL: CVE-2023-36053
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2023/q3/2
Release Date: 2023-07-03
Fix Resolution: Django -3.2.20,4.1.10,4.2.3
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-27351
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ Django-3.2.18-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
Publish Date: 2024-03-15
URL: CVE-2024-27351
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2024/q1/185
Release Date: 2024-03-15
Fix Resolution: Django - 3.2.25,4.2.11,5.0.3
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
Publish Date: 2023-05-07
URL: CVE-2023-31047
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2023/q2/110
Release Date: 2023-05-07
Fix Resolution: Django - 3.2.19,4.1.9,4.2.1
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Publish Date: 2024-02-06
URL: CVE-2024-24680
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
Release Date: 2024-02-06
Fix Resolution: Django - 3.2.24,4.2.10,5.0.2
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Publish Date: 2023-11-02
URL: CVE-2023-46695
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
Release Date: 2023-10-25
Fix Resolution: Django - 3.2.23,4.1.13,4.2.7
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
Publish Date: 2023-11-03
URL: CVE-2023-43665
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2023-43665
Release Date: 2023-11-03
Fix Resolution: Django - 3.2.22,4.1.12,4.2.6
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Publish Date: 2023-11-03
URL: CVE-2023-41164
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
Release Date: 2023-11-03
Fix Resolution: Django - 3.2.21,4.1.11,4.2.5
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
Publish Date: 2023-07-03
URL: CVE-2023-36053
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2023/q3/2
Release Date: 2023-07-03
Fix Resolution: Django -3.2.20,4.1.10,4.2.3
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - Django-3.2.18-py3-none-any.whl
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Library home page: https://files.pythonhosted.org/packages/57/12/da22535f809b8c06c8d58eaf236ec8683ffd4e1dc4eced175b174e6446fa/Django-3.2.18-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 245f12ecf6c7e5190473b72ff0af10149551df05
Found in base branch: master
Vulnerability Details
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
Publish Date: 2024-03-15
URL: CVE-2024-27351
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://seclists.org/oss-sec/2024/q1/185
Release Date: 2024-03-15
Fix Resolution: Django - 3.2.25,4.2.11,5.0.3
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.