django@3.2.22 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in `django.utils.text.Truncator.words()`, whose performance can be degraded when processing a malicious input involving repeated `<` characters. Note: The function is only vulnerable when `html=True` is set and the `truncatewords_html` template filter is in use. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `django` to version 3.2.25, 4.2.11, 5.0.3 or higher.	[,3.2.25) [4.0a1,4.2.11) [5.0a1,5.0.3)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) in the `intcomma` template filter, when used with very long strings. Exploiting this vulnerability could lead to a system crash. How to fix Denial of Service (DoS)? Upgrade `django` to version 3.2.24, 4.2.10, 5.0.2 or higher.	[3.2,3.2.24) [4.2,4.2.10) [5.0,5.0.2)
M Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) via the `NFKC normalization` function in `django.contrib.auth.forms.UsernameField`. A potential attack can be executed via certain inputs with a very large number of Unicode characters. Note: This vulnerability is only exploitable on Windows systems. How to fix Denial of Service (DoS)? Upgrade `django` to version 3.2.23, 4.1.13, 4.2.7 or higher.	[,3.2.23) [4.0a1,4.1.13) [4.2a1,4.2.7)