Django@5.0.7 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

5.1.3
latest non vulnerable version

5.1.3
first published

15 years ago
latest version published

13 days ago
licenses detected
- BSD-3-Clause
  [3.1a1,)
View Django package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the Django package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) due to not accounting for very large inputs involving intermediate `;`s, in the `django.utils.html.urlize()` and `django.utils.html.urlizetrunc()` template filter functions. How to fix Denial of Service (DoS)? Upgrade `django` to version 4.2.16, 5.0.9, 5.1.1 or higher.	[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)
M Improper Check for Unusual or Exceptional Conditions Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to unhandled email sending failures in the `django.contrib.auth.forms.PasswordResetForm` class. This allows attackers to enumerate user email addresses by brute forcing password reset requests and observing the outcomes. How to fix Improper Check for Unusual or Exceptional Conditions? Upgrade `django` to version 4.2.16, 5.0.9, 5.1.1 or higher.	[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)
C SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `QuerySet.values()` and `values_list()` methods on models with a `JSONField`. An attacker can exploit this vulnerability through column aliases by using a maliciously crafted JSON object object key as a passed `*arg`. How to fix SQL Injection? Upgrade `django` to version 4.2.15, 5.0.8 or higher.	[,4.2.15) [5.0,5.0.8)
M Uncontrolled Resource Consumption Affected versions of this package are vulnerable to Uncontrolled Resource Consumption via the `floatformat()` template filter, when given a string representation of a number in scientific notation with a large exponent. How to fix Uncontrolled Resource Consumption? Upgrade `django` to version 4.2.15, 5.0.8 or higher.	[,4.2.15) [5.0,5.0.8)
M Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) via certain inputs with a very large number of Unicode characters in the `urlize` and `urlizetrunc` template filters, and the `AdminURLFieldWidget` widget. How to fix Denial of Service (DoS)? Upgrade `django` to version 4.2.15, 5.0.8 or higher.	[,4.2.15) [5.0,5.0.8)
M Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) via very large inputs with a specific sequence of characters in the `urlize()` and `urlizetrunc()` template filters. How to fix Denial of Service (DoS)? Upgrade `django` to version 4.2.15, 5.0.8 or higher.	[,4.2.15) [5.0,5.0.8)

Go back to all versions of this package

Django@5.0.7 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities