Python/django/4.0.7

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

https://pypi.org/project/django
BSD-3-Clause AND BSD

3 Security Vulnerabilities

Django has regular expression denial of service vulnerability in EmailValidator/URLValidator

Published date: 2023-07-03T15:30:45Z
CVE: CVE-2023-36053
Links:

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Affected versions: ["3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16", "3.2.17", "3.2.18", "3.2.19", "4.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.1a1", "4.0.5", "4.1b1", "4.0.6", "4.1rc1", "4.0.7", "4.1", "4.1.1", "4.0.8", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.0.9", "4.1.6", "4.0.10", "4.1.7", "4.1.8", "4.1.9", "4.2", "4.2.1", "4.2.2"]
Secure versions: [3.0a1, 3.1.12, 3.1.13, 3.1.14, 2.2.27, 2.2.28, 4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6, 5.1a1, 5.1b1, 4.2.14, 5.0.7, 5.1rc1, 4.2.15, 5.0.8, 5.1, 4.2.16, 5.0.9, 5.1.1, 5.1.2, 5.1.3]
Recommendation: Update to version 5.1.3.

Django contains Uncontrolled Resource Consumption via cached header

Published date: 2023-02-01T21:30:23Z
CVE: CVE-2023-23969
Links:

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

Affected versions: ["4.0b1", "4.0rc1", "4.1a1", "4.1b1", "4.1rc1", "4.1", "4.1.1", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.0a1", "4.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "3.0b1", "3.0rc1", "3.1b1", "3.1rc1", "3.2", "3.2a1", "3.2b1", "3.2rc1", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15", "3.2.16"]
Secure versions: [3.0a1, 3.1.12, 3.1.13, 3.1.14, 2.2.27, 2.2.28, 4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6, 5.1a1, 5.1b1, 4.2.14, 5.0.7, 5.1rc1, 4.2.15, 5.0.8, 5.1, 4.2.16, 5.0.9, 5.1.1, 5.1.2, 5.1.3]
Recommendation: Update to version 5.1.3.

Django denial-of-service vulnerability in internationalized URLs

Published date: 2022-10-16T12:00:23Z
CVE: CVE-2022-41323
Links:

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

Affected versions: ["4.1", "4.1.1", "4.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "3.2", "3.2.1", "3.2.2", "3.2.3", "3.2.4", "3.2.5", "3.2.6", "3.2.7", "3.2.8", "3.2.9", "3.2.10", "3.2.11", "3.2.12", "3.2.13", "3.2.14", "3.2.15"]
Secure versions: [3.0a1, 3.1.12, 3.1.13, 3.1.14, 2.2.27, 2.2.28, 4.2a1, 4.2b1, 4.2rc1, 5.0a1, 5.0b1, 4.1.13, 5.0rc1, 3.2.25, 4.2.11, 5.0.3, 5.0.4, 4.2.12, 5.0.5, 4.2.13, 5.0.6, 5.1a1, 5.1b1, 4.2.14, 5.0.7, 5.1rc1, 4.2.15, 5.0.8, 5.1, 4.2.16, 5.0.9, 5.1.1, 5.1.2, 5.1.3]
Recommendation: Update to version 5.1.3.

373 Other Versions

Version License Security Released
5.1.3 BSD-3-Clause AND BSD
5.1.2 BSD-3-Clause AND BSD
5.1.1 BSD-3-Clause AND BSD
5.1 BSD-3-Clause AND BSD
5.0.9 BSD-3-Clause AND BSD
5.0.8 BSD-3-Clause AND BSD
5.0.7 BSD-3-Clause AND BSD
5.0.6 BSD-3-Clause AND BSD
5.0.5 BSD-3-Clause AND BSD
5.0.4 BSD-3-Clause AND BSD
5.0.3 BSD-3-Clause AND BSD
5.0.2 BSD-3-Clause AND BSD 1
5.0.1 BSD-3-Clause AND BSD 2
5.0 BSD-3-Clause AND BSD 2
4.2.16 BSD-3-Clause AND BSD
4.2.15 BSD-3-Clause AND BSD
4.2.14 BSD-3-Clause AND BSD
4.2.13 BSD-3-Clause AND BSD
4.2.12 BSD-3-Clause AND BSD
4.2.11 BSD-3-Clause AND BSD
4.2.10 BSD-3-Clause AND BSD 1
4.2.9 BSD-3-Clause AND BSD 2
4.2.8 BSD-3-Clause AND BSD 2
4.2.7 BSD-3-Clause AND BSD 2
4.2.6 BSD-3-Clause AND BSD 3
4.2.5 BSD-3-Clause AND BSD 4
4.2.4 BSD-3-Clause AND BSD 5
4.2.3 BSD-3-Clause AND BSD 5
4.2.2 BSD-3-Clause AND BSD 6
4.2.1 BSD-3-Clause AND BSD 6
4.2 BSD-3-Clause AND BSD 6
4.1.13 BSD-3-Clause AND BSD
4.1.12 BSD-3-Clause AND BSD 1
4.1.11 BSD-3-Clause AND BSD 2
4.1.10 BSD-3-Clause AND BSD 3
4.1.9 BSD-3-Clause AND BSD 4
4.1.8 BSD-3-Clause AND BSD 4
4.1.7 BSD-3-Clause AND BSD 4
4.1.6 BSD-3-Clause AND BSD 4
4.1.5 BSD-3-Clause AND BSD 5
4.1.4 BSD-3-Clause AND BSD 5
4.1.3 BSD-3-Clause AND BSD 5
4.1.2 BSD-3-Clause AND BSD 5
4.1.1 BSD-3-Clause AND BSD 6
4.1 BSD-3-Clause AND BSD 6
4.0.10 BSD-3-Clause AND BSD 1
4.0.9 BSD-3-Clause AND BSD 1
4.0.8 BSD-3-Clause AND BSD 2
4.0.7 BSD-3-Clause AND BSD 3
4.0.6 BSD-3-Clause AND BSD 3 2022-07-04 - 07:57 over 2 years
4.0.5 BSD-3-Clause AND BSD 4 2022-06-01 - 12:22 over 2 years
4.0.4 BSD-3-Clause AND BSD 4 2022-04-11 - 07:53 over 2 years
4.0.3 BSD-3-Clause AND BSD 4 2022-03-01 - 08:47 over 2 years
4.0.2 BSD-3-Clause AND BSD 4 2022-02-01 - 07:56 almost 3 years
4.0.1 BSD-3-Clause AND BSD 6 2022-01-04 - 09:53 almost 3 years
4.0 BSD-3-Clause AND BSD 6 2021-12-07 - 09:19 almost 3 years
3.2.25 BSD-3-Clause AND BSD
3.2.24 BSD-3-Clause AND BSD 1
3.2.23 BSD-3-Clause AND BSD 1
3.2.22 BSD-3-Clause AND BSD 2
3.2.21 BSD-3-Clause AND BSD 3
3.2.20 BSD-3-Clause AND BSD 4
3.2.19 BSD-3-Clause AND BSD 5
3.2.18 BSD-3-Clause AND BSD 5
3.2.17 BSD-3-Clause AND BSD 5
3.2.16 BSD-3-Clause AND BSD 6
3.2.15 BSD-3-Clause AND BSD 7
3.2.14 BSD-3-Clause AND BSD 7 2022-07-04 - 07:57 over 2 years
3.2.13 BSD-3-Clause AND BSD 8 2022-04-11 - 07:52 over 2 years
3.2.12 BSD-3-Clause AND BSD 8 2022-02-01 - 07:56 almost 3 years
3.2.11 BSD-3-Clause AND BSD 10 2022-01-04 - 09:53 almost 3 years
3.2.10 BSD-3-Clause AND BSD 10 2021-12-07 - 07:34 almost 3 years
3.2.9 BSD-3-Clause AND BSD 10 2021-11-01 - 09:31 about 3 years
3.2.8 BSD-3-Clause AND BSD 10 2021-10-05 - 07:46 about 3 years
3.2.7 BSD-3-Clause AND BSD 10 2021-09-01 - 05:57 about 3 years
3.2.6 BSD-3-Clause AND BSD 10 2021-08-02 - 06:28 over 3 years
3.2.5 BSD-3-Clause AND BSD 10 2021-07-01 - 07:40 over 3 years
3.2.4 BSD-3-Clause AND BSD 10 2021-06-02 - 08:54 over 3 years
3.2.3 BSD-3-Clause AND BSD 11 2021-05-13 - 07:36 over 3 years
3.2.2 BSD-3-Clause AND BSD 11 2021-05-06 - 07:40 over 3 years
3.2.1 BSD-3-Clause AND BSD 11 2021-05-04 - 08:47 over 3 years
3.2 BSD-3-Clause AND BSD 11 2021-04-06 - 09:33 over 3 years
3.1.14 BSD-3-Clause AND BSD 2021-12-07 - 07:34 almost 3 years
3.1.13 BSD-3-Clause AND BSD 2021-07-01 - 07:39 over 3 years
3.1.12 BSD-3-Clause AND BSD 2021-06-02 - 08:53 over 3 years
3.1.11 BSD-3-Clause AND BSD 1 2021-05-13 - 07:36 over 3 years
3.1.10 BSD-3-Clause AND BSD 1 2021-05-06 - 07:40 over 3 years
3.1.9 BSD-3-Clause AND BSD 1 2021-05-04 - 08:47 over 3 years
3.1.8 BSD-3-Clause AND BSD 1 2021-04-06 - 07:34 over 3 years
3.1.7 BSD-3-Clause AND BSD 1 2021-02-19 - 09:08 over 3 years
3.1.6 BSD-3-Clause AND BSD 1 2021-02-01 - 09:28 almost 4 years
3.1.5 BSD-3-Clause AND BSD 2 2021-01-04 - 07:54 almost 4 years
3.1.4 BSD-3-Clause AND BSD 2 2020-12-01 - 06:03 almost 4 years
3.1.3 BSD-3-Clause AND BSD 2 2020-11-02 - 08:12 about 4 years
3.1.2 BSD-3-Clause AND BSD 2 2020-10-01 - 05:38 about 4 years
3.1.1 BSD-3-Clause AND BSD 2 2020-09-01 - 09:14 about 4 years
3.1 BSD-3-Clause AND BSD 4 2020-08-04 - 08:07 over 4 years
3.0.14 BSD 1 2021-04-06 - 07:34 over 3 years
3.0.13 BSD 1 2021-02-19 - 09:08 over 3 years
3.0.12 BSD 1 2021-02-01 - 09:28 almost 4 years