5.1.4
14 years ago
17 days ago
Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to SQL Injection via the Note:
Applications that use the How to fix SQL Injection? Upgrade | [,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4) |
Affected versions of this package are vulnerable to Command Injection via certain inputs containing large sequences of nested incomplete HTML entities submitted to the How to fix Command Injection? Upgrade | [,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4) |
Affected versions of this package are vulnerable to Denial of Service (DoS) due to not accounting for very large inputs involving intermediate How to fix Denial of Service (DoS)? Upgrade | [,4.2.16)[5.0a1,5.0.9)[5.1a1,5.1.1) |
Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to unhandled email sending failures in the How to fix Improper Check for Unusual or Exceptional Conditions? Upgrade | [,4.2.16)[5.0a1,5.0.9)[5.1a1,5.1.1) |
Affected versions of this package are vulnerable to SQL Injection via the How to fix SQL Injection? Upgrade | [,4.2.15)[5.0,5.0.8) |
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption via the How to fix Uncontrolled Resource Consumption? Upgrade | [,4.2.15)[5.0,5.0.8) |
Affected versions of this package are vulnerable to Denial of Service (DoS) via certain inputs with a very large number of Unicode characters in the How to fix Denial of Service (DoS)? Upgrade | [,4.2.15)[5.0,5.0.8) |
Affected versions of this package are vulnerable to Denial of Service (DoS) via very large inputs with a specific sequence of characters in the How to fix Denial of Service (DoS)? Upgrade | [,4.2.15)[5.0,5.0.8) |
Affected versions of this package are vulnerable to Timing Attack via the How to fix Timing Attack? Upgrade | [,4.2.14)[5.0a1,5.0.7) |
Affected versions of this package are vulnerable to Directory Traversal via the derived classes of the Note: Built-in Storage sub-classes were not affected by this vulnerability. How to fix Directory Traversal? Upgrade | [,4.2.14)[5.0a1,5.0.7) |
Affected versions of this package are vulnerable to Denial of Service (DoS) in How to fix Denial of Service (DoS)? Upgrade | [,4.2.14)[5.0a1,5.0.7) |
Affected versions of this package are vulnerable to Denial of Service (DoS) via the in How to fix Denial of Service (DoS)? Upgrade | [,4.2.14)[5.0a1,5.0.7) |
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in Note: The function is only vulnerable when How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | [,3.2.25)[4.0a1,4.2.11)[5.0a1,5.0.3) |
Affected versions of this package are vulnerable to Denial of Service (DoS) via the Note: This vulnerability is only exploitable on Windows systems. How to fix Denial of Service (DoS)? Upgrade | [,3.2.23)[4.0a1,4.1.13)[4.2a1,4.2.7) |
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | [,3.2.22)[4.0,4.1.12)[4.2,4.2.6) |
Affected versions of this package are vulnerable to Denial of Service (DoS) in the How to fix Denial of Service (DoS)? Upgrade | [,3.2.21)[4.0a1,4.1.11)[4.2a1,4.2.5) |
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | [,3.2.20)[4.0a1,4.1.10)[4.2a1,4.2.3) |
Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single How to fix Arbitrary File Upload? Upgrade | [,3.2.19)[4.1a1,4.1.9)[4.2a1,4.2.1) |
Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data in How to fix Denial of Service (DoS)? Upgrade | [,3.2.18)[4.0a1,4.0.10)[4.1a1,4.1.7) |
Affected versions of this package are vulnerable to Reflected File Download (RFD) as it is possible to set the How to fix Reflected File Download (RFD)? Upgrade | [,3.2.15)[4.0a1,4.0.7)[4.1rc1,4.1) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the Note: Applications that constrain the lookup name and kind choice to a known safe list are unaffected. Django 4.1 pre-released versions (4.1a1, 4.1a2) are affected by this issue, please avoid using the 4.1 branch until 4.1.0 is released. How to fix SQL Injection? Upgrade | [,3.2.14)[4.0a1,4.0.6) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via How to fix SQL Injection? Upgrade | [,2.2.28)[3.0,3.2.13)[4.0,4.0.4) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection in How to fix SQL Injection? Upgrade | [,2.2.28)[3.0,3.2.13)[4.0,4.0.4) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade | [,2.2.27)[3.0,3.2.12)[4.0,4.0.2) |
Affected versions of this package are vulnerable to Denial of Service (DoS) via an infinite loop during file parsing that occurs when certain inputs are passed to multipart forms. How to fix Denial of Service (DoS)? Upgrade | [,2.2.27)[3.0,3.2.12)[4.0,4.0.2) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Directory Traversal via Note: this is exploitable only if crafted file names are being directly passed to the How to fix Directory Traversal? Upgrade | [,2.2.26)[3.0,3.2.11)[4.0,4.0.1) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Information Exposure via the Note: all untrusted user input should be validated before use. How to fix Information Exposure? Upgrade | [,2.2.26)[3.0,3.2.11)[4.0,4.0.1) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Denial of Service (DoS) via Note: it is exploitable under the assumption that access to user registration is unrestricted. How to fix Denial of Service (DoS)? Upgrade | [,2.2.26)[3.0,3.2.11)[4.0,4.0.1) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Access Restriction Bypass. HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. How to fix Access Restriction Bypass? Upgrade | [,2.2.25)[3.0,3.1.14)[3.2,3.2.10) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Directory Traversal via How to fix Directory Traversal? Upgrade | [3.2,3.2.4)[3.1,3.1.12)[,2.2.24) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Input Validation. How to fix Improper Input Validation? Upgrade | [2.2,2.2.24)[3.1,3.1.12)[3.2,3.2.4) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to HTTP Header Injection. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs. Unfortunately it created an issue in the URLValidator. URLValidator uses This issue was introduced by the bpo-43882 fix. How to fix HTTP Header Injection? Upgrade | [3.2,3.2.2)[3.0,3.1.10)[,2.2.22) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Directory Traversal. How to fix Directory Traversal? Upgrade | [,2.2.21)[3.0,3.1.9)[3.2,3.2.1) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Directory Traversal. How to fix Directory Traversal? Upgrade | [2.2,2.2.20)[3.0,3.0.14)[3.1,3.1.8) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Web Cache Poisoning. Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default. How to fix Web Cache Poisoning? Upgrade | [2.2,2.2.19)[3.0,3.0.13)[3.1,3.1.7) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? Upgrade | [1.4,2.2.18)[3.0a1,3.0.12)[3.1a1,3.1.6) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Insecure Permissions. The intermediate-level directories of the filesystem cache had the system's standard How to fix Insecure Permissions? Upgrade | [2.2,2.2.16)[3.0,3.0.10)[3.1,3.1.1) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Insecure Permissions. On Python 3.7 and above, How to fix Insecure Permissions? Upgrade | [2.2,2.2.16)[3.0,3.0.10)[3.1,3.1.1) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Query parameters for the admin How to fix Cross-site Scripting (XSS)? Upgrade | [3.0.0,3.0.7)[2.2.0,2.2.13) |
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Information Exposure. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. How to fix Information Exposure? Upgrade | [3.0,3.0.7)[2.2,2.2.13) |