django@3.1.5 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

  • latest version

    5.1.4

  • latest non vulnerable version

  • first published

    14 years ago

  • latest version published

    17 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    SQL Injection

    Affected versions of this package are vulnerable to SQL Injection via the django.db.models.fields.json.HasKey lookup on Oracle, if untrusted data is used as a lhs value. An attacker can manipulate SQL queries and access or alter database information.

    Note: Applications that use the jsonfield.has_key lookup through the __ syntax are unaffected.

    How to fix SQL Injection?

    Upgrade django to version 4.2.17, 5.0.10, 5.1.4 or higher.

    [,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4)
    • H
    Command Injection

    Affected versions of this package are vulnerable to Command Injection via certain inputs containing large sequences of nested incomplete HTML entities submitted to the strip_tags function and striptags template filter. An attacker can cause the application to consume excessive resources.

    How to fix Command Injection?

    Upgrade django to version 4.2.17, 5.0.10, 5.1.4 or higher.

    [,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to not accounting for very large inputs involving intermediate ;s, in the django.utils.html.urlize() and django.utils.html.urlizetrunc() template filter functions.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.

    [,4.2.16)[5.0a1,5.0.9)[5.1a1,5.1.1)
    • M
    Improper Check for Unusual or Exceptional Conditions

    Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to unhandled email sending failures in the django.contrib.auth.forms.PasswordResetForm class. This allows attackers to enumerate user email addresses by brute forcing password reset requests and observing the outcomes.

    How to fix Improper Check for Unusual or Exceptional Conditions?

    Upgrade django to version 4.2.16, 5.0.9, 5.1.1 or higher.

    [,4.2.16)[5.0a1,5.0.9)[5.1a1,5.1.1)
    • C
    SQL Injection

    Affected versions of this package are vulnerable to SQL Injection via the QuerySet.values() and values_list() methods on models with a JSONField. An attacker can exploit this vulnerability through column aliases by using a maliciously crafted JSON object object key as a passed *arg.

    How to fix SQL Injection?

    Upgrade django to version 4.2.15, 5.0.8 or higher.

    [,4.2.15)[5.0,5.0.8)
    • M
    Uncontrolled Resource Consumption

    Affected versions of this package are vulnerable to Uncontrolled Resource Consumption via the floatformat() template filter, when given a string representation of a number in scientific notation with a large exponent.

    How to fix Uncontrolled Resource Consumption?

    Upgrade django to version 4.2.15, 5.0.8 or higher.

    [,4.2.15)[5.0,5.0.8)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) via certain inputs with a very large number of Unicode characters in the urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 4.2.15, 5.0.8 or higher.

    [,4.2.15)[5.0,5.0.8)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) via very large inputs with a specific sequence of characters in the urlize() and urlizetrunc() template filters.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 4.2.15, 5.0.8 or higher.

    [,4.2.15)[5.0,5.0.8)
    • M
    Timing Attack

    Affected versions of this package are vulnerable to Timing Attack via the django.contrib.auth.backends.ModelBackend.authenticate() method. This allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords.

    How to fix Timing Attack?

    Upgrade django to version 4.2.14, 5.0.7 or higher.

    [,4.2.14)[5.0a1,5.0.7)
    • M
    Directory Traversal

    Affected versions of this package are vulnerable to Directory Traversal via the derived classes of the django.core.files.storage.Storage base class which override generate_filename() without replicating the file path validations existing in the parent class. This allows potential access to out of scope data via certain inputs when calling save() method.

    Note: Built-in Storage sub-classes were not affected by this vulnerability.

    How to fix Directory Traversal?

    Upgrade django to version 4.2.14, 5.0.7 or higher.

    [,4.2.14)[5.0a1,5.0.7)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) in django.utils.translation.get_supported_language_variant() function due to improper user input validation. An attacker can exploit this vulnerability by using very long strings containing specific characters. Exploiting this vulnerability could lead to a system crash.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 4.2.14, 5.0.7 or higher.

    [,4.2.14)[5.0a1,5.0.7)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the in django.utils.html.urlize() and django.utils.html.urlizetrunc() functions. If certain inputs with a very large number of brackets are provided, this could lead to a system crash.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 4.2.14, 5.0.7 or higher.

    [,4.2.14)[5.0a1,5.0.7)
    • M
    Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in django.utils.text.Truncator.words(), whose performance can be degraded when processing a malicious input involving repeated < characters.

    Note:

    The function is only vulnerable when html=True is set and the truncatewords_html template filter is in use.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade django to version 3.2.25, 4.2.11, 5.0.3 or higher.

    [,3.2.25)[4.0a1,4.2.11)[5.0a1,5.0.3)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the NFKC normalization function in django.contrib.auth.forms.UsernameField. A potential attack can be executed via certain inputs with a very large number of Unicode characters.

    Note: This vulnerability is only exploitable on Windows systems.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 3.2.23, 4.1.13, 4.2.7 or higher.

    [,3.2.23)[4.0a1,4.1.13)[4.2a1,4.2.7)
    • M
    Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the chars() and words() methods in the django.utils.text.Truncator function. An attacker can cause a denial of service by exploiting the inefficient regular expression complexity, which exhibits linear backtracking complexity and can be slow, given certain long and potentially malformed HTML inputs.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade django to version 3.2.22, 4.1.12, 4.2.6 or higher.

    [,3.2.22)[4.0,4.1.12)[4.2,4.2.6)
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.encoding.uri_to_iri() function when processing inputs with a large number of Unicode characters.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 3.2.21, 4.1.11, 4.2.5 or higher.

    [,3.2.21)[4.0a1,4.1.11)[4.2a1,4.2.5)
    • H
    Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the EmailValidator and URLValidator classes, when processing a very large number of domain name labels on emails or URLs.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade django to version 3.2.20, 4.1.10, 4.2.3 or higher.

    [,3.2.20)[4.0a1,4.1.10)[4.2a1,4.2.3)
    • M
    Arbitrary File Upload

    Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single forms.FileField or forms.ImageField.

    How to fix Arbitrary File Upload?

    Upgrade django to version 3.2.19, 4.1.9, 4.2.1 or higher.

    [,3.2.19)[4.1a1,4.1.9)[4.2a1,4.2.1)
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data in http/multipartparser.py. An attacker can trigger the opening of a large number of uploaded files which are not subsequently closed, consuming memory or filehandling resources.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 3.2.18, 4.0.10, 4.1.7 or higher.

    [,3.2.18)[4.0a1,4.0.10)[4.1a1,4.1.7)
    • H
    Reflected File Download (RFD)

    Affected versions of this package are vulnerable to Reflected File Download (RFD) as it is possible to set the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

    How to fix Reflected File Download (RFD)?

    Upgrade django to version 3.2.15, 4.0.7, 4.1 or higher.

    [,3.2.15)[4.0a1,4.0.7)[4.1rc1,4.1)
    • C
    SQL Injection

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to SQL Injection via the Trunc(kind) and Extract(lookup_name) arguments, if untrusted data is used as a kind/lookup_name value.

    Note: Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

    Django 4.1 pre-released versions (4.1a1, 4.1a2) are affected by this issue, please avoid using the 4.1 branch until 4.1.0 is released.

    How to fix SQL Injection?

    Upgrade Django to version 3.2.14, 4.0.6 or higher.

    [,3.2.14)[4.0a1,4.0.6)
    • C
    SQL Injection

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to SQL Injection via QuerySet.explain(**options) in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument on PostgreSQL.

    How to fix SQL Injection?

    Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

    [,2.2.28)[3.0,3.2.13)[4.0,4.0.4)
    • C
    SQL Injection

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to SQL Injection in QuerySet.annotate(), aggregate(), and extra() methods, in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods.

    How to fix SQL Injection?

    Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

    [,2.2.28)[3.0,3.2.13)[4.0,4.0.4)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the {% debug %} template tag. The tag doesn't properly encode the current context, outputting unescaped context variables.

    How to fix Cross-site Scripting (XSS)?

    Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

    [,2.2.27)[3.0,3.2.12)[4.0,4.0.2)
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) via an infinite loop during file parsing that occurs when certain inputs are passed to multipart forms.

    How to fix Denial of Service (DoS)?

    Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

    [,2.2.27)[3.0,3.2.12)[4.0,4.0.2)
    • L
    Directory Traversal

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Directory Traversal via Storage.save().

    Note: this is exploitable only if crafted file names are being directly passed to the save function..

    How to fix Directory Traversal?

    Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

    [,2.2.26)[3.0,3.2.11)[4.0,4.0.1)
    • L
    Information Exposure

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Information Exposure via the dictsort template filter, when leveraging the Django Template Language's variable resolution logic by supplying a maliciously crafted key.

    Note: all untrusted user input should be validated before use.

    How to fix Information Exposure?

    Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

    [,2.2.26)[3.0,3.2.11)[4.0,4.0.1)
    • M
    Denial of Service (DoS)

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Denial of Service (DoS) via UserAttributeSimilarityValidator, when evaluating submitted passwords that are extremely large relatively to the comparison values. This issue is mitigated in newer versions by ignoring long values in UserAttributeSimilarityValidator.

    Note: it is exploitable under the assumption that access to user registration is unrestricted.

    How to fix Denial of Service (DoS)?

    Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

    [,2.2.26)[3.0,3.2.11)[4.0,4.0.1)
    • M
    Access Restriction Bypass

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Access Restriction Bypass. HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

    How to fix Access Restriction Bypass?

    Upgrade Django to version 2.2.25, 3.1.14, 3.2.10 or higher.

    [,2.2.25)[3.0,3.1.14)[3.2,3.2.10)
    • H
    SQL Injection

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to SQL Injection. Unsanitized user input passed to QuerySet.order_by() could bypass intended column reference validation in path marked for deprecation resulting in a potential SQL injection even if a deprecation warning is emitted.

    As a mitigation the strict column reference validation was restored for the duration of the deprecation period. This regression appeared in 3.1 as a side effect of fixing the following ticket.

    The issue is not present in the main branch as the deprecated path has been removed.

    How to fix SQL Injection?

    Upgrade Django to version 3.2.5, 3.1.13 or higher.

    [3.2a1,3.2.5)[3.1a1,3.1.13)
    • H
    Directory Traversal

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Directory Traversal via admindocs TemplateDetailView.

    How to fix Directory Traversal?

    Upgrade Django to version 3.2.4, 3.1.12, 2.2.24 or higher.

    [3.2,3.2.4)[3.1,3.1.12)[,2.2.24)
    • M
    Improper Input Validation

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Improper Input Validation. URLValidator, validate_ipv4_address(), and validate_ipv46_address() did not prohibit leading zeros in octal literals. If you used such values you could suffer from indeterminate SSRF, RFI, and LFI attacks. It only affects Python < 3.9.5.

    How to fix Improper Input Validation?

    Upgrade Django to version 2.2.24, 3.1.12, 3.2.4 or higher.

    [2.2,2.2.24)[3.1,3.1.12)[3.2,3.2.4)
    • H
    HTTP Header Injection

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to HTTP Header Injection. In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid.

    This issue was introduced by the bpo-43882 fix.

    How to fix HTTP Header Injection?

    Upgrade Django to version 3.2.2, 3.1.10, 2.2.22 or higher.

    [3.2,3.2.2)[3.0,3.1.10)[,2.2.22)
    • L
    Directory Traversal

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Directory Traversal. MultiPartParser, UploadedFile, and FieldFile allow directory-traversal via uploaded files with suitably crafted file names.

    How to fix Directory Traversal?

    Upgrade Django to version 2.2.21, 3.1.9, 3.2.1 or higher.

    [,2.2.21)[3.0,3.1.9)[3.2,3.2.1)
    • L
    Directory Traversal

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Directory Traversal. MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.

    How to fix Directory Traversal?

    Upgrade Django to version 2.2.20, 3.0.14, 3.1.8 or higher.

    [2.2,2.2.20)[3.0,3.0.14)[3.1,3.1.8)
    • M
    Web Cache Poisoning

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Web Cache Poisoning. Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default.

    How to fix Web Cache Poisoning?

    Upgrade Django to version 2.2.19, 3.0.13, 3.1.7 or higher.

    [2.2,2.2.19)[3.0,3.0.13)[3.1,3.1.7)
    • L
    Directory Traversal

    Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

    Affected versions of this package are vulnerable to Directory Traversal via the django.utils.archive.extract() function, which is used by startapp --template and startproject --template. This can happen via an archive with absolute paths or relative paths with dot segments.

    How to fix Directory Traversal?

    Upgrade Django to version 2.2.18, 3.0.12, 3.1.6 or higher.

    [1.4,2.2.18)[3.0a1,3.0.12)[3.1a1,3.1.6)