Django@4.2.14 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Direct Vulnerabilities

Known vulnerabilities in the Django package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to not accounting for very large inputs involving intermediate ;s, in the django.utils.html.urlize() and django.utils.html.urlizetrunc() template filter functions.

How to fix Denial of Service (DoS)?

Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.

[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)
  • M
Improper Check for Unusual or Exceptional Conditions

Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to unhandled email sending failures in the django.contrib.auth.forms.PasswordResetForm class. This allows attackers to enumerate user email addresses by brute forcing password reset requests and observing the outcomes.

How to fix Improper Check for Unusual or Exceptional Conditions?

Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.

[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)
  • C
SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the QuerySet.values() and values_list() methods on models with a JSONField. An attacker can exploit this vulnerability through column aliases by using a maliciously crafted JSON object object key as a passed *arg.

How to fix SQL Injection?

Upgrade django to version 4.2.15, 5.0.8 or higher.

[,4.2.15) [5.0,5.0.8)
  • M
Uncontrolled Resource Consumption

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption via the floatformat() template filter, when given a string representation of a number in scientific notation with a large exponent.

How to fix Uncontrolled Resource Consumption?

Upgrade django to version 4.2.15, 5.0.8 or higher.

[,4.2.15) [5.0,5.0.8)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via certain inputs with a very large number of Unicode characters in the urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget.

How to fix Denial of Service (DoS)?

Upgrade django to version 4.2.15, 5.0.8 or higher.

[,4.2.15) [5.0,5.0.8)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via very large inputs with a specific sequence of characters in the urlize() and urlizetrunc() template filters.

How to fix Denial of Service (DoS)?

Upgrade django to version 4.2.15, 5.0.8 or higher.

[,4.2.15) [5.0,5.0.8)