django@1.6.8 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Direct Vulnerabilities

Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in django.utils.text.Truncator.words(), whose performance can be degraded when processing a malicious input involving repeated < characters.

Note: The function is only vulnerable when html=True is set and the truncatewords_html template filter is in use.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.25, 4.2.11, 5.0.3 or higher.

[,3.2.25) [4.0a1,4.2.11) [5.0a1,5.0.3)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via the NFKC normalization function in django.contrib.auth.forms.UsernameField. A potential attack can be executed via certain inputs with a very large number of Unicode characters.

Note: This vulnerability is only exploitable on Windows systems.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.23, 4.1.13, 4.2.7 or higher.

[,3.2.23) [4.0a1,4.1.13) [4.2a1,4.2.7)
  • M
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the chars() and words() methods of the django.utils.text.Truncator class. An attacker can cause a denial of service by exploiting the inefficient regular expression, which exhibits linear backtracking and can be slow on certain long and potentially malformed HTML inputs.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.22, 4.1.12, 4.2.6 or higher.

[,3.2.22) [4.0,4.1.12) [4.2,4.2.6)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.encoding.uri_to_iri() function when processing inputs with a large number of Unicode characters.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.21, 4.1.11, 4.2.5 or higher.

[,3.2.21) [4.0a1,4.1.11) [4.2a1,4.2.5)
  • H
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the EmailValidator and URLValidator classes, when processing a very large number of domain name labels on emails or URLs.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.20, 4.1.10, 4.2.3 or higher.

[,3.2.20) [4.0a1,4.1.10) [4.2a1,4.2.3)
  • M
Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload because validation is bypassed for all but the last file when multiple files are uploaded through a single forms.FileField or forms.ImageField.

How to fix Arbitrary File Upload?

Upgrade django to version 3.2.19, 4.1.9, 4.2.1 or higher.

[,3.2.19) [4.1a1,4.1.9) [4.2a1,4.2.1)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data in http/multipartparser.py. An attacker can trigger the opening of a large number of uploaded files which are not subsequently closed, exhausting memory or file-handle resources.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.18, 4.0.10, 4.1.7 or higher.

[,3.2.18) [4.0a1,4.0.10) [4.1a1,4.1.7)
  • H
Reflected File Download (RFD)

Affected versions of this package are vulnerable to Reflected File Download (RFD) as it is possible to set the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

How to fix Reflected File Download (RFD)?

Upgrade django to version 3.2.15, 4.0.7, 4.1 or higher.

[,3.2.15) [4.0a1,4.0.7) [4.1rc1,4.1)
  • C
SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the Trunc(kind) and Extract(lookup_name) arguments, if untrusted data is used as a kind/lookup_name value.

Note: Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

Django 4.1 pre-release versions (4.1a1, 4.1a2) are also affected by this issue; avoid using the 4.1 branch until 4.1.0 is released.

How to fix SQL Injection?

Upgrade Django to version 3.2.14, 4.0.6 or higher.

[,3.2.14) [4.0a1,4.0.6)
  • C
SQL Injection

Affected versions of this package are vulnerable to SQL Injection via QuerySet.explain(**options) in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument on PostgreSQL.

How to fix SQL Injection?

Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

[,2.2.28) [3.0,3.2.13) [4.0,4.0.4)
  • C
SQL Injection

Affected versions of this package are vulnerable to SQL Injection in QuerySet.annotate(), aggregate(), and extra() methods, in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods.

How to fix SQL Injection?

Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

[,2.2.28) [3.0,3.2.13) [4.0,4.0.4)
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the {% debug %} template tag. The tag doesn't properly encode the current context, outputting unescaped context variables.

How to fix Cross-site Scripting (XSS)?

Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

[,2.2.27) [3.0,3.2.12) [4.0,4.0.2)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via an infinite loop during file parsing that occurs when certain inputs are passed to multipart forms.

How to fix Denial of Service (DoS)?

Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

[,2.2.27) [3.0,3.2.12) [4.0,4.0.2)
  • L
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via Storage.save().

Note: this is exploitable only if crafted file names are passed directly to the save function.

How to fix Directory Traversal?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
  • L
Information Exposure

Affected versions of this package are vulnerable to Information Exposure via the dictsort template filter, when leveraging the Django Template Language's variable resolution logic by supplying a maliciously crafted key.

Note: all untrusted user input should be validated before use.

How to fix Information Exposure?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via UserAttributeSimilarityValidator, when evaluating submitted passwords that are extremely large relative to the comparison values. This issue is mitigated in newer versions by ignoring long values in UserAttributeSimilarityValidator.

Note: it is exploitable under the assumption that access to user registration is unrestricted.

How to fix Denial of Service (DoS)?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
  • M
Access Restriction Bypass

Affected versions of this package are vulnerable to Access Restriction Bypass. HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

How to fix Access Restriction Bypass?

Upgrade Django to version 2.2.25, 3.1.14, 3.2.10 or higher.

[,2.2.25) [3.0,3.1.14) [3.2,3.2.10)
  • H
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via admindocs TemplateDetailView.

How to fix Directory Traversal?

Upgrade Django to version 3.2.4, 3.1.12, 2.2.24 or higher.

[3.2,3.2.4) [3.1,3.1.12) [,2.2.24)
  • H
HTTP Header Injection

Affected versions of this package are vulnerable to HTTP Header Injection. In Python 3.9.5+, urllib.parse() automatically removes ASCII newlines and tabs from URLs, which created an issue in URLValidator: it uses urllib.urlsplit() and urllib.urlunsplit() to build a Punycode variant of the URL, and in Python 3.9.5+ that variant no longer contains the newlines and tabs. As a consequence, the regular expression matched the sanitized URL (without unsafe characters) and the source value (with unsafe characters) was considered valid.

This issue was introduced by the bpo-43882 fix.

How to fix HTTP Header Injection?

Upgrade Django to version 3.2.2, 3.1.10, 2.2.22 or higher.

[3.2,3.2.2) [3.0,3.1.10) [,2.2.22)
  • L
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal. MultiPartParser, UploadedFile, and FieldFile allow directory-traversal via uploaded files with suitably crafted file names.

How to fix Directory Traversal?

Upgrade Django to version 2.2.21, 3.1.9, 3.2.1 or higher.

[,2.2.21) [3.0,3.1.9) [3.2,3.2.1)
  • L
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via the django.utils.archive.extract() function, which is used by startapp --template and startproject --template. This can happen via an archive with absolute paths or relative paths with dot segments.

How to fix Directory Traversal?

Upgrade Django to version 2.2.18, 3.0.12, 3.1.6 or higher.

[1.4,2.2.18) [3.0a1,3.0.12) [3.1a1,3.1.6)
  • H
SQL Injection

Affected versions of this package are vulnerable to SQL Injection via "tolerance" parameter in GIS functions and aggregates on Oracle.

How to fix SQL Injection?

Upgrade Django to version 3.0.4, 2.2.11, 1.11.29 or higher.

[3.0,3.0.4) [2.2,2.2.11) [,1.11.29)
  • M
Content Spoofing

Affected versions of this package are vulnerable to Content Spoofing. The default 404 page did not properly handle user-supplied data: an attacker could supply content to the web application, typically via a parameter value, that was reflected back to the user, presenting the user with a modified page in the context of the trusted domain.

How to fix Content Spoofing?

Upgrade Django to version 1.11.18, 2.0.10, 2.1.5 or higher.

[,1.11.18) [2.0.0,2.0.10) [2.1.0,2.1.5)
  • M
Open Redirect

Affected versions of this package are vulnerable to Open Redirect. If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash, a malicious user could send a request to a crafted URL of that site that would lead to a redirect to another site.

How to fix Open Redirect?

Upgrade django to versions 1.11.15, 2.0.8, 2.1 or higher.

[,1.11.15) [2.0.0,2.0.8)
  • M
Open Redirect

Affected versions of this package are vulnerable to Open Redirect. A maliciously crafted URL to a Django site using the django.views.static.serve() view could redirect to any other domain.

How to fix Open Redirect?

Upgrade django to version 1.8.18, 1.9.13, 1.10.7 or higher.

[,1.8.18) [1.9,1.9.13) [1.10,1.10.7)
  • M
Open Redirect

Affected versions of this package are vulnerable to Open Redirect. It relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

How to fix Open Redirect?

Upgrade django to version 1.8.18, 1.9.13, 1.10.7 or higher.

[,1.8.18) [1.9,1.9.13) [1.10,1.10.7)
  • H
DNS Rebinding

Affected versions of this package are vulnerable to DNS Rebinding attacks. When settings.DEBUG is set to True, it fails to validate the HTTP Host header against settings.ALLOWED_HOSTS, making it possible to manipulate the host header. This is at least a cross-site scripting vector, which could be quite serious if developers load a copy of the production database in development or connect to some production services for which there's no development instance. Also, if a project uses a package like django-debug-toolbar, the attacker could also execute arbitrary SQL.

[,1.8.16) [1.9,1.9.11) [1.10,1.10.3)
  • C
Use of hardcoded DB password

Affected versions of this package used a hardcoded password for a temporary database user created when running tests with an Oracle database. This user is usually dropped after the test suite completes, but not when using the manage.py test --keepdb option or if the user has an active session. This makes it easier for remote attackers to obtain access to the database.

[,1.8.16) [1.9,1.9.11) [1.10,1.10.3)
  • H
Cross-site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) attacks. The cookie parsing code, when used on a site with Google Analytics, may allow remote attackers to set arbitrary cookies leading to a bypass of CSRF protection.

[,1.8.15) [1.9,1.9.10)
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The dismissChangeRelatedObjectPopup function uses JavaScript's Element.innerHTML in an unsafe manner. This allows remote attackers to forge content in the admin's add/change popup.

[,1.8.14) [1.9.0,1.9.8)
  • L
Timing Attack

Affected versions of this package are vulnerable to Timing attacks. There is a timing difference between a login request for a user with a password encoded with an older number of iterations and a login request for a nonexistent user (which runs the default hasher's default number of iterations). This only affects users who haven't logged in since the iterations were increased in Django 1.6.

[,1.8.10) [1.9,1.9.3)
  • H
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The utils.http.is_safe_url function allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct Cross-site Scripting (XSS) attacks via a URL containing basic authentication. For example, a URL like http://mysite.example.com\@attacker.com would be considered safe if the request's host is http://mysite.example.com, but redirecting to this URL sends the user to attacker.com.

[,1.8.10) [1.9,1.9.3)
  • M
Information Exposure

Affected versions of this package are vulnerable to Information Exposure. It is possible for a user to specify the date format and pass it to the date filter, e.g. {{ last_updated|date:user_date_format }}. An attacker could send a settings key instead of a date format (like SECRET_KEY), and obtain any secret in the application's settings.

How to fix Information Exposure?

Upgrade django to versions 1.7.11, 1.8.7 or higher.

[,1.7.11) [1.8,1.8.7)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. If a large number of requests were made to contrib.auth.views.logout, it would trigger the creation of empty session records, causing high session store consumption.

How to fix Denial of Service (DoS)?

Upgrade django to versions 1.8.4, 1.7.0, 1.4.22 or higher.

[,1.4.22) [1.5,1.7.10) [1.8,1.8.4)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. The contrib.sessions.backends.base.SessionBase.flush and cache_db.SessionStore.flush functions create empty sessions causing session store consumption.

How to fix Denial of Service (DoS)?

Upgrade django to versions 1.8.4, 1.7.0, 1.4.22 or higher.

[,1.4.22) [1.5,1.7.10) [1.8,1.8.4)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. When sending multiple requests with unique session keys, the session backends create new empty records in the session storage, which can fill the session store.

How to fix Denial of Service (DoS)?

Upgrade django to versions 1.8.3, 1.7.9, 1.4.21 or higher.

[,1.4.21) [1.5,1.7.9) [1.8,1.8.3)
  • M
HTTP Response Splitting

Affected versions of this package are vulnerable to HTTP Response Splitting attacks due to the use of an incorrect regular expression. It allows newline characters in email messages (to the EmailValidator), in URLs (to the URLValidator), or other instances. An attacker can leverage this to inject arbitrary headers and conduct HTTP response splitting attacks.

[,1.4.21) [1.5,1.7.9) [1.8,1.8.3)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. When a long string is passed to the utils.html.strip_tags function, an infinite loop occurs.

Note: This occurs only when using Python <2.7.7 or =3.3.5.

[,1.4.20) [1.5,1.6.11) [1.7,1.7.7)
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The utils.http.is_safe_url function did not properly validate URLs, allowing URLs of the form \x08javascript: to pass as safe.

[,1.4.20) [1.5,1.6.11) [1.7,1.7.7)
  • M
WSGI Header Spoofing

Affected versions of this package are vulnerable to WSGI header spoofing. A malicious user could exploit this vulnerability by using an _ character instead of a - in an HTTP header. In the WSGI environ, the X-Auth-User and the X-Auth_User headers are both converted to HTTP_X_Auth_User, allowing the attacker to bypass the protection.

[,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The is_safe_url() function did not properly handle leading whitespace, which allows remote attackers to craft URLs like \njavascript:.

[,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. The serve() view reads files an entire line at a time, which allows remote attackers to cause high memory consumption via a long line in a file.

[,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. When a form uses show_hidden_initial=True and ModelMultipleChoiceField, an attacker may cause a large number of SQL queries by submitting duplicate values for the field's data.

[,1.4.18) [1.5,1.6.10) [1.7,1.7.3)