django@1.8.13 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Direct Vulnerabilities

Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.

Each entry below lists the vulnerability, its severity, and the vulnerable version ranges.

• Severity: Medium
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in django.utils.text.Truncator.words(), whose performance can be degraded when processing a malicious input involving repeated < characters.

Note:

The function is only vulnerable when html=True is set and the truncatewords_html template filter is in use.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.25, 4.2.11, 5.0.3 or higher.

Vulnerable versions: [,3.2.25) [4.0a1,4.2.11) [5.0a1,5.0.3)

• Severity: Medium
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via the NFKC normalization function in django.contrib.auth.forms.UsernameField. A potential attack can be executed via certain inputs with a very large number of Unicode characters.

Note: This vulnerability is only exploitable on Windows systems.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.23, 4.1.13, 4.2.7 or higher.

Vulnerable versions: [,3.2.23) [4.0a1,4.1.13) [4.2a1,4.2.7)

• Severity: Medium
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the chars() and words() methods of the django.utils.text.Truncator class. An attacker can cause a denial of service by exploiting the inefficient regular expression, which exhibits linear backtracking complexity and can be slow on certain long and potentially malformed HTML inputs.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.22, 4.1.12, 4.2.6 or higher.

Vulnerable versions: [,3.2.22) [4.0,4.1.12) [4.2,4.2.6)

• Severity: High
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.encoding.uri_to_iri() function when processing inputs with a large number of Unicode characters.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.21, 4.1.11, 4.2.5 or higher.

Vulnerable versions: [,3.2.21) [4.0a1,4.1.11) [4.2a1,4.2.5)

• Severity: High
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the EmailValidator and URLValidator classes, when processing a very large number of domain name labels on emails or URLs.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.20, 4.1.10, 4.2.3 or higher.

Vulnerable versions: [,3.2.20) [4.0a1,4.1.10) [4.2a1,4.2.3)

• Severity: Medium
Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single forms.FileField or forms.ImageField.

How to fix Arbitrary File Upload?

Upgrade django to version 3.2.19, 4.1.9, 4.2.1 or higher.

Vulnerable versions: [,3.2.19) [4.1a1,4.1.9) [4.2a1,4.2.1)

• Severity: High
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data in http/multipartparser.py. An attacker can trigger the opening of a large number of uploaded files which are not subsequently closed, consuming memory or file-handle resources.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.18, 4.0.10, 4.1.7 or higher.

Vulnerable versions: [,3.2.18) [4.0a1,4.0.10) [4.1a1,4.1.7)

• Severity: High
Reflected File Download (RFD)

Affected versions of this package are vulnerable to Reflected File Download (RFD) as it is possible to set the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

How to fix Reflected File Download (RFD)?

Upgrade django to version 3.2.15, 4.0.7, 4.1 or higher.

Vulnerable versions: [,3.2.15) [4.0a1,4.0.7) [4.1rc1,4.1)

• Severity: Critical
SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the Trunc(kind) and Extract(lookup_name) arguments, if untrusted data is used as a kind/lookup_name value.

Note: Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

Django 4.1 pre-release versions (4.1a1, 4.1a2) are affected by this issue; avoid using the 4.1 branch until 4.1.0 is released.

How to fix SQL Injection?

Upgrade Django to version 3.2.14, 4.0.6 or higher.

Vulnerable versions: [,3.2.14) [4.0a1,4.0.6)

• Severity: Critical
SQL Injection

Affected versions of this package are vulnerable to SQL Injection via QuerySet.explain(**options) on PostgreSQL: option names are injectable when a suitably crafted dictionary is passed, with dictionary expansion, as the **options argument.

How to fix SQL Injection?

Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

Vulnerable versions: [,2.2.28) [3.0,3.2.13) [4.0,4.0.4)

• Severity: Critical
SQL Injection

Affected versions of this package are vulnerable to SQL Injection in QuerySet.annotate(), aggregate(), and extra() methods, in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods.

How to fix SQL Injection?

Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

Vulnerable versions: [,2.2.28) [3.0,3.2.13) [4.0,4.0.4)

• Severity: Medium
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the {% debug %} template tag. The tag doesn't properly encode the current context, outputting unescaped context variables.

How to fix Cross-site Scripting (XSS)?

Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

Vulnerable versions: [,2.2.27) [3.0,3.2.12) [4.0,4.0.2)

• Severity: High
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via an infinite loop during file parsing that occurs when certain inputs are passed to multipart forms.

How to fix Denial of Service (DoS)?

Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

Vulnerable versions: [,2.2.27) [3.0,3.2.12) [4.0,4.0.2)

• Severity: Low
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via Storage.save().

Note: this is exploitable only if crafted file names are passed directly to the save function.

How to fix Directory Traversal?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

Vulnerable versions: [,2.2.26) [3.0,3.2.11) [4.0,4.0.1)

• Severity: Low
Information Exposure

Affected versions of this package are vulnerable to Information Exposure via the dictsort template filter, when leveraging the Django Template Language's variable resolution logic by supplying a maliciously crafted key.

Note: all untrusted user input should be validated before use.

How to fix Information Exposure?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

Vulnerable versions: [,2.2.26) [3.0,3.2.11) [4.0,4.0.1)

• Severity: Medium
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via UserAttributeSimilarityValidator, when evaluating submitted passwords that are extremely large relative to the comparison values. This issue is mitigated in newer versions by ignoring long values in UserAttributeSimilarityValidator.

Note: it is exploitable under the assumption that access to user registration is unrestricted.

How to fix Denial of Service (DoS)?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

Vulnerable versions: [,2.2.26) [3.0,3.2.11) [4.0,4.0.1)

• Severity: Medium
Access Restriction Bypass

Affected versions of this package are vulnerable to Access Restriction Bypass. HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

How to fix Access Restriction Bypass?

Upgrade Django to version 2.2.25, 3.1.14, 3.2.10 or higher.

Vulnerable versions: [,2.2.25) [3.0,3.1.14) [3.2,3.2.10)

• Severity: High
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via admindocs TemplateDetailView.

How to fix Directory Traversal?

Upgrade Django to version 3.2.4, 3.1.12, 2.2.24 or higher.

Vulnerable versions: [3.2,3.2.4) [3.1,3.1.12) [,2.2.24)

• Severity: High
HTTP Header Injection

Affected versions of this package are vulnerable to HTTP Header Injection. In Python 3.9.5+, urllib.parse() automatically removes ASCII newlines and tabs from URLs. Unfortunately, this created an issue in URLValidator, which uses urllib.urlsplit() and urllib.urlunsplit() to build a Punycode variant of the URL; in Python 3.9.5+ that variant no longer contains the newlines and tabs. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid.

This issue was introduced by the bpo-43882 fix.

How to fix HTTP Header Injection?

Upgrade Django to version 3.2.2, 3.1.10, 2.2.22 or higher.

Vulnerable versions: [3.2,3.2.2) [3.0,3.1.10) [,2.2.22)

• Severity: Low
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal. MultiPartParser, UploadedFile, and FieldFile allow directory-traversal via uploaded files with suitably crafted file names.

How to fix Directory Traversal?

Upgrade Django to version 2.2.21, 3.1.9, 3.2.1 or higher.

Vulnerable versions: [,2.2.21) [3.0,3.1.9) [3.2,3.2.1)

• Severity: Low
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via the django.utils.archive.extract() function, which is used by startapp --template and startproject --template. This can happen via an archive with absolute paths or relative paths with dot segments.

How to fix Directory Traversal?

Upgrade Django to version 2.2.18, 3.0.12, 3.1.6 or higher.

Vulnerable versions: [1.4,2.2.18) [3.0a1,3.0.12) [3.1a1,3.1.6)

• Severity: High
SQL Injection

Affected versions of this package are vulnerable to SQL Injection via "tolerance" parameter in GIS functions and aggregates on Oracle.

How to fix SQL Injection?

Upgrade Django to version 3.0.4, 2.2.11, 1.11.29 or higher.

Vulnerable versions: [3.0,3.0.4) [2.2,2.2.11) [,1.11.29)

• Severity: Medium
Content Spoofing

Affected versions of this package are vulnerable to Content Spoofing. The default 404 page did not properly handle user-supplied data: an attacker could supply content to the web application, typically via a parameter value, that was reflected back to the user, presenting the user with a modified page under the context of the trusted domain.

How to fix Content Spoofing?

Upgrade Django to version 1.11.18, 2.0.10, 2.1.5 or higher.

Vulnerable versions: [,1.11.18) [2.0.0,2.0.10) [2.1.0,2.1.5)

• Severity: Medium
Open Redirect

Affected versions of this package are vulnerable to Open Redirect. If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash, a malicious user could send a request to a crafted URL of that site that would lead to a redirect to another site.

How to fix Open Redirect?

Upgrade django to versions 1.11.15, 2.0.8, 2.1 or higher.

Vulnerable versions: [,1.11.15) [2.0.0,2.0.8)

• Severity: Medium
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to versions 1.8.19, 1.11.11, 2.0.3 or higher.

Vulnerable versions: [1.7,1.8.19) [1.9,1.11.11) [2,2.0.3)

• Severity: Medium
Information Exposure

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking in two regular expressions. The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.

How to fix Information Exposure?

Upgrade django to versions 1.8.19, 1.11.11, 2.0.3 or higher.

Vulnerable versions: [1.7,1.8.19) [1.9,1.11.11) [2,2.0.3)

• Severity: Medium
Open Redirect

Affected versions of this package are vulnerable to Open Redirect. A maliciously crafted URL to a Django site using the django.views.static.serve() view could redirect to any other domain.

How to fix Open Redirect?

Upgrade django to version 1.8.18, 1.9.13, 1.10.7 or higher.

Vulnerable versions: [,1.8.18) [1.9,1.9.13) [1.10,1.10.7)

• Severity: Medium
Open Redirect

Affected versions of this package are vulnerable to Open Redirect. It relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

How to fix Open Redirect?

Upgrade django to version 1.8.18, 1.9.13, 1.10.7 or higher.

Vulnerable versions: [,1.8.18) [1.9,1.9.13) [1.10,1.10.7)

• Severity: High
DNS Rebinding

Affected versions of this package are vulnerable to DNS Rebinding attacks. When settings.DEBUG is set to True, it fails to validate the HTTP Host header against settings.ALLOWED_HOSTS, making it possible to manipulate the host header. This is at least a cross-site scripting vector, which could be quite serious if developers load a copy of the production database in development or connect to production services for which there is no development instance. Also, if a project uses a package like django-debug-toolbar, the attacker could also execute arbitrary SQL.

Vulnerable versions: [,1.8.16) [1.9,1.9.11) [1.10,1.10.3)

• Severity: Critical
Use of hardcoded DB password

Affected versions of this package used a hardcoded password for a temporary database user created when running tests with an Oracle database. This user is usually dropped after the test suite completes, but not when using the manage.py test --keepdb option or if the user has an active session. This makes it easier for remote attackers to obtain access to the database.

Vulnerable versions: [,1.8.16) [1.9,1.9.11) [1.10,1.10.3)

• Severity: High
Cross-site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) attacks. The cookie parsing code, when used on a site with Google Analytics, may allow remote attackers to set arbitrary cookies leading to a bypass of CSRF protection.

Vulnerable versions: [,1.8.15) [1.9,1.9.10)

• Severity: Medium
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The dismissChangeRelatedObjectPopup function uses JavaScript's Element.innerHTML in an unsafe manner. This allows remote attackers to forge content in the admin's add/change popup.

Vulnerable versions: [,1.8.14) [1.9.0,1.9.8)