Django@5.0.8 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

5.1.3
latest non vulnerable version

5.1.3
first published

15 years ago
latest version published

13 days ago
licenses detected
- BSD-3-Clause
  [3.1a1,)
View Django package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the Django package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) due to not accounting for very large inputs involving intermediate `;`s, in the `django.utils.html.urlize()` and `django.utils.html.urlizetrunc()` template filter functions. How to fix Denial of Service (DoS)? Upgrade `django` to version 4.2.16, 5.0.9, 5.1.1 or higher.	[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)
M Improper Check for Unusual or Exceptional Conditions Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to unhandled email sending failures in the `django.contrib.auth.forms.PasswordResetForm` class. This allows attackers to enumerate user email addresses by brute forcing password reset requests and observing the outcomes. How to fix Improper Check for Unusual or Exceptional Conditions? Upgrade `django` to version 4.2.16, 5.0.9, 5.1.1 or higher.	[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to not accounting for very large inputs involving intermediate ;s, in the django.utils.html.urlize() and django.utils.html.urlizetrunc() template filter functions.

How to fix Denial of Service (DoS)?

Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.

[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)

Improper Check for Unusual or Exceptional Conditions

Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to unhandled email sending failures in the django.contrib.auth.forms.PasswordResetForm class. This allows attackers to enumerate user email addresses by brute forcing password reset requests and observing the outcomes.

How to fix Improper Check for Unusual or Exceptional Conditions?

Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.

[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)

Go back to all versions of this package

Django@5.0.8 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities