Django@5.1.4 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

  • latest version: 5.2.4
  • latest non-vulnerable version:
  • first published: 15 years ago
  • latest version published: 4 days ago
  • licenses detected:

  • Direct Vulnerabilities

    Known vulnerabilities in the Django package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Improper Output Neutralization for Logs


    Affected versions of this package are vulnerable to Improper Output Neutralization for Logs: the request.path value logged for HTTP responses is written to the log unescaped, so control characters embedded in a URL reach the log entry as-is. An attacker can manipulate log entries and potentially cause log injection or forgery by sending specially crafted URLs.

    How to fix Improper Output Neutralization for Logs?

    Upgrade Django to version 4.2.22, 5.1.10, 5.2.2 or higher.

    Vulnerable versions: [,4.2.22), [5.0a1,5.1.10), [5.2a1,5.2.2)
    • M
    Allocation of Resources Without Limits or Throttling


    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the strip_tags() function. An attacker can cause slow performance by supplying large sequences of incomplete HTML tags.

    Note: This also affects the striptags template filter, which is built on top of strip_tags().

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade Django to version 4.2.21, 5.1.9, 5.2.1 or higher.

    Vulnerable versions: [4.2,4.2.21), [5.0a1,5.1.9), [5.2a1,5.2.1)
    • M
    Allocation of Resources Without Limits or Throttling


    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language(), whose NFKC operations are inefficient. An attacker can cause degradation of performance by sending requests with a very large number of Unicode characters, which are subject to NFKC normalization.

    Note: This is only exploitable on Windows.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade Django to version 5.0.14, 5.1.8, 5.2 or higher.

    Vulnerable versions: [,5.0.14), [5.1a1,5.1.8), [5.2a1,5.2)
    • H
    Allocation of Resources Without Limits or Throttling

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the django.utils.text.wrap() function and the wordwrap template filter. When either is supplied an excessively long string, it may render the application unresponsive.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade Django to version 4.2.20, 5.0.13, 5.1.7 or higher.

    Vulnerable versions: [,4.2.20), [5.0a1,5.0.13), [5.1a1,5.1.7)
    • M
    Denial of Service (DoS)


    Affected versions of this package are vulnerable to Denial of Service (DoS) through the clean_ipv6_address and is_valid_ipv6_address functions, as well as the GenericIPAddressField form field due to improper length validation. An attacker can cause the application to consume excessive resources by sending specially crafted IPv6 addresses.

    Note: The django.db.models.GenericIPAddressField model field was not affected.

    How to fix Denial of Service (DoS)?

    Upgrade Django to version 4.2.18, 5.0.11, 5.1.5 or higher.

    Vulnerable versions: [4.2,4.2.18), [5.0,5.0.11), [5.1,5.1.5)
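As an added example (not part of the Snyk listing or of Django itself), a small Python checker that parses the half-open version ranges quoted in the entries above and reports which advisories apply to a given Django release; 5.1.4, the version this page is for, falls inside every one of them. The short advisory labels in the table are assumed names for this example, and the version parser only handles the a/b/rc pre-release tags that appear on this page.

```python
import re

# Pre-release tags sort before the final release: 5.2a1 < 5.2b1 < 5.2rc1 < 5.2
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
# Each range is a half-open interval [lo,hi); an empty lo means "every earlier version"
_RANGE_RE = re.compile(r"\[([^,\]]*),([^)\]]*)\)")

# Range strings copied from the advisories above; the labels are assumed short names
ADVISORIES = [
    ("Improper Output Neutralization for Logs", "[,4.2.22)[5.0a1,5.1.10)[5.2a1,5.2.2)"),
    ("Resource exhaustion via strip_tags()", "[4.2,4.2.21)[5.0a1,5.1.9)[5.2a1,5.2.1)"),
    ("Resource exhaustion via NFKC normalization (Windows only)", "[,5.0.14)[5.1a1,5.1.8)[5.2a1,5.2)"),
    ("Resource exhaustion via wrap()/wordwrap", "[,4.2.20)[5.0a1,5.0.13)[5.1a1,5.1.7)"),
    ("DoS via IPv6 address validation", "[4.2,4.2.18)[5.0,5.0.11)[5.1,5.1.5)"),
]

def parse_version(text):
    """Turn '5.1.10' or '5.0a1' into a sortable tuple (5.2 == 5.2.0; final release > rc).
    Assumption: only the a/b/rc pre-release tags seen on this page are handled."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = [int(part) for part in m.group(1).split(".")]
    release += [0] * (3 - len(release))          # pad so 5.2 compares equal to 5.2.0
    pre = (_PRE_RANK[m.group(2)], int(m.group(3))) if m.group(2) else (3, 0)
    return tuple(release) + pre

def parse_ranges(text):
    """Split '[lo,hi)[lo,hi)...' into (lo, hi) tuples; lo is None when unbounded."""
    found = _RANGE_RE.findall(text)
    if not found:
        raise ValueError(f"no version ranges in {text!r}")
    return [(parse_version(lo) if lo else None, parse_version(hi)) for lo, hi in found]

def is_affected(version, ranges_text):
    """True when version lies inside any of the half-open vulnerable ranges."""
    v = parse_version(version)
    return any((lo is None or lo <= v) and v < hi for lo, hi in parse_ranges(ranges_text))

def affected_advisories(version):
    """Labels of the advisories above that apply to the given Django version."""
    return [title for title, ranges in ADVISORIES if is_affected(version, ranges)]

if __name__ == "__main__":
    for title in affected_advisories("5.1.4"):
        print("5.1.4 is affected by:", title)
```

Feeding it the installed version (for example `django.get_version()`) turns the listing into a pass/fail check that can run in CI against the ranges as they are published.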