[USN-6888-1] Django vulnerabilities
Several security issues were fixed in Django.
Elias Myllymäki discovered that Django incorrectly handled certain inputs
with a large number of brackets. A remote attacker could possibly use this
issue to cause Django to consume resources or stop responding, resulting in
a denial of service. (CVE-2024-38875)
It was discovered that Django incorrectly handled authenticating users with
unusable passwords. A remote attacker could possibly use this issue to
perform a timing attack and enumerate users. (CVE-2024-39329)
Josh Schneier discovered that Django incorrectly handled file path
validation when the storage class is being derived. A remote attacker could
possibly use this issue to save files into arbitrary directories.
(CVE-2024-39330)
It was discovered that Django incorrectly handled certain long strings that
included a specific set of characters. A remote attacker could possibly use
this issue to cause Django to consume resources or stop responding,
resulting in a denial of service. (CVE-2024-39614)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/python3-django?distro=noble | < 4.2.11-1ubuntu1.1 |
pkg:deb/ubuntu/python3-django?distro=mantic | < 4.2.4-1ubuntu2.3 |
pkg:deb/ubuntu/python3-django?distro=jammy | < 3.2.12-2ubuntu1.12 |
pkg:deb/ubuntu/python3-django?distro=focal | < 2.2.12-1ubuntu0.23 |
pkg:deb/ubuntu/python-django-doc?distro=noble | < 4.2.11-1ubuntu1.1 |
pkg:deb/ubuntu/python-django-doc?distro=mantic | < 4.2.4-1ubuntu2.3 |
pkg:deb/ubuntu/python-django-doc?distro=jammy | < 3.2.12-2ubuntu1.12 |
pkg:deb/ubuntu/python-django-doc?distro=focal | < 2.2.12-1ubuntu0.23 |
- ID: USN-6888-1
- Severity: high
- Severity from: CVE-2024-38875
- URL: https://ubuntu.com/security/notices/USN-6888-1
- Published: 2024-07-09T17:05:30
- Modified: 2024-07-09T17:05:30
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/python3-django?distro=noble | ubuntu | python3-django | < 4.2.11-1ubuntu1.1 | noble | ||
Affected | pkg:deb/ubuntu/python3-django?distro=mantic | ubuntu | python3-django | < 4.2.4-1ubuntu2.3 | mantic | ||
Affected | pkg:deb/ubuntu/python3-django?distro=jammy | ubuntu | python3-django | < 3.2.12-2ubuntu1.12 | jammy | ||
Affected | pkg:deb/ubuntu/python3-django?distro=focal | ubuntu | python3-django | < 2.2.12-1ubuntu0.23 | focal | ||
Affected | pkg:deb/ubuntu/python-django-doc?distro=noble | ubuntu | python-django-doc | < 4.2.11-1ubuntu1.1 | noble | ||
Affected | pkg:deb/ubuntu/python-django-doc?distro=mantic | ubuntu | python-django-doc | < 4.2.4-1ubuntu2.3 | mantic | ||
Affected | pkg:deb/ubuntu/python-django-doc?distro=jammy | ubuntu | python-django-doc | < 3.2.12-2ubuntu1.12 | jammy | ||
Affected | pkg:deb/ubuntu/python-django-doc?distro=focal | ubuntu | python-django-doc | < 2.2.12-1ubuntu0.23 | focal | ||