django@3.2.4 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Direct Vulnerabilities

Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in django.utils.text.Truncator.words(), whose performance can be degraded when processing a malicious input involving repeated < characters.

Note:

The function is only vulnerable when html=True is set and the truncatewords_html template filter is in use.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.25, 4.2.11, 5.0.3 or higher.

[,3.2.25) [4.0a1,4.2.11) [5.0a1,5.0.3)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) in the intcomma template filter, when used with very long strings. Exploiting this vulnerability could lead to a system crash.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.24, 4.2.10, 5.0.2 or higher.

[3.2,3.2.24) [4.2,4.2.10) [5.0,5.0.2)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via the NFKC normalization function in django.contrib.auth.forms.UsernameField. A potential attack can be executed via certain inputs with a very large number of Unicode characters.

Note: This vulnerability is only exploitable on Windows systems.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.23, 4.1.13, 4.2.7 or higher.

[,3.2.23) [4.0a1,4.1.13) [4.2a1,4.2.7)
  • M
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the chars() and words() methods in the django.utils.text.Truncator function. An attacker can cause a denial of service by exploiting the inefficient regular expression complexity, which exhibits linear backtracking complexity and can be slow, given certain long and potentially malformed HTML inputs.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.22, 4.1.12, 4.2.6 or higher.

[,3.2.22) [4.0,4.1.12) [4.2,4.2.6)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) in the django.utils.encoding.uri_to_iri() function when processing inputs with a large number of Unicode characters.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.21, 4.1.11, 4.2.5 or higher.

[,3.2.21) [4.0a1,4.1.11) [4.2a1,4.2.5)
  • H
Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the EmailValidator and URLValidator classes, when processing a very large number of domain name labels on emails or URLs.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade django to version 3.2.20, 4.1.10, 4.2.3 or higher.

[,3.2.20) [4.0a1,4.1.10) [4.2a1,4.2.3)
  • M
Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single forms.FileField or forms.ImageField.

How to fix Arbitrary File Upload?

Upgrade django to version 3.2.19, 4.1.9, 4.2.1 or higher.

[,3.2.19) [4.1a1,4.1.9) [4.2a1,4.2.1)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data in http/multipartparser.py. An attacker can trigger the opening of a large number of uploaded files which are not subsequently closed, consuming memory or filehandling resources.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.18, 4.0.10, 4.1.7 or higher.

[,3.2.18) [4.0a1,4.0.10) [4.1a1,4.1.7)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the parsed values of Accept-Language headers which are cached, in order to avoid repetitive parsing. If the raw value of Accept-Language headers is very large, this will cause excessive memory usage.

How to fix Denial of Service (DoS)?

Upgrade django to version 3.2.17, 4.0.9, 4.1.6 or higher.

[3.2,3.2.17) [4.0,4.0.9) [4.1,4.1.6)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when using internationalized URLs, due to locale parameter being interpreted as regular expression.

How to fix Denial of Service (DoS)?

Upgrade django to version 4.1.2, 4.0.8, 3.2.16 or higher.

[4.1a1,4.1.2) [4.0a1,4.0.8) [3.2a1,3.2.16)
  • H
Reflected File Download (RFD)

Affected versions of this package are vulnerable to Reflected File Download (RFD) as it is possible to set the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

How to fix Reflected File Download (RFD)?

Upgrade django to version 3.2.15, 4.0.7, 4.1 or higher.

[,3.2.15) [4.0a1,4.0.7) [4.1rc1,4.1)
  • C
SQL Injection

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via the Trunc(kind) and Extract(lookup_name) arguments, if untrusted data is used as a kind/lookup_name value.

Note: Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

Django 4.1 pre-released versions (4.1a1, 4.1a2) are affected by this issue, please avoid using the 4.1 branch until 4.1.0 is released.

How to fix SQL Injection?

Upgrade Django to version 3.2.14, 4.0.6 or higher.

[,3.2.14) [4.0a1,4.0.6)
  • C
SQL Injection

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via QuerySet.explain(**options) in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument on PostgreSQL.

How to fix SQL Injection?

Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

[,2.2.28) [3.0,3.2.13) [4.0,4.0.4)
  • C
SQL Injection

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection in QuerySet.annotate(), aggregate(), and extra() methods, in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods.

How to fix SQL Injection?

Upgrade Django to version 2.2.28, 3.2.13, 4.0.4 or higher.

[,2.2.28) [3.0,3.2.13) [4.0,4.0.4)
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the {% debug %} template tag. The tag doesn't properly encode the current context, outputting unescaped context variables.

How to fix Cross-site Scripting (XSS)?

Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

[,2.2.27) [3.0,3.2.12) [4.0,4.0.2)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via an infinite loop during file parsing that occurs when certain inputs are passed to multipart forms.

How to fix Denial of Service (DoS)?

Upgrade django to version 2.2.27, 3.2.12, 4.0.2 or higher.

[,2.2.27) [3.0,3.2.12) [4.0,4.0.2)
  • L
Directory Traversal

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Directory Traversal via Storage.save().

Note: this is exploitable only if crafted file names are being directly passed to the save function..

How to fix Directory Traversal?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
  • L
Information Exposure

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Information Exposure via the dictsort template filter, when leveraging the Django Template Language's variable resolution logic by supplying a maliciously crafted key.

Note: all untrusted user input should be validated before use.

How to fix Information Exposure?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
  • M
Denial of Service (DoS)

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Denial of Service (DoS) via UserAttributeSimilarityValidator, when evaluating submitted passwords that are extremely large relatively to the comparison values. This issue is mitigated in newer versions by ignoring long values in UserAttributeSimilarityValidator.

Note: it is exploitable under the assumption that access to user registration is unrestricted.

How to fix Denial of Service (DoS)?

Upgrade Django to version 2.2.26, 3.2.11, 4.0.1 or higher.

[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
  • M
Access Restriction Bypass

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Access Restriction Bypass. HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

How to fix Access Restriction Bypass?

Upgrade Django to version 2.2.25, 3.1.14, 3.2.10 or higher.

[,2.2.25) [3.0,3.1.14) [3.2,3.2.10)
  • H
SQL Injection

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection. Unsanitized user input passed to QuerySet.order_by() could bypass intended column reference validation in path marked for deprecation resulting in a potential SQL injection even if a deprecation warning is emitted.

As a mitigation the strict column reference validation was restored for the duration of the deprecation period. This regression appeared in 3.1 as a side effect of fixing the following ticket.

The issue is not present in the main branch as the deprecated path has been removed.

How to fix SQL Injection?

Upgrade Django to version 3.2.5, 3.1.13 or higher.

[3.2a1,3.2.5) [3.1a1,3.1.13)