django@5.1.14 vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

6.0

latest non vulnerable version

6.0

first published

15 years ago

latest version published

12 days ago

licenses detected

(0BSD OR BSD-3-Clause OR MIT)
[5.1.14,5.2a1); [5.2.8,6.0a1); [6.0b1,)

View django package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Inefficient Algorithmic Complexity Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the `getInnerText()` function. An attacker can exhaust CPU and memory resources by submitting deeply nested XML input to the XML deserializer, which is processed in quadratic time per character. How to fix Inefficient Algorithmic Complexity? Upgrade `Django` to version 4.2.27, 5.1.15, 5.2.9 or higher.	[,4.2.27)[5.0a1,5.1.15)[5.2a1,5.2.9)
H SQL Injection Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the `FilteredRelation` column aliases. When a malicious dictionary expansion is passed in as the `**kwargs` argument to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL, its contents can be used to execute SQL. How to fix SQL Injection? Upgrade `Django` to version 4.2.27, 5.1.15, 5.2.9 or higher.	[,4.2.27)[5.0a1,5.1.15)[5.2a1,5.2.9)

Inefficient Algorithmic Complexity

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the getInnerText() function. An attacker can exhaust CPU and memory resources by submitting deeply nested XML input to the XML deserializer, which is processed in quadratic time per character.

How to fix Inefficient Algorithmic Complexity?

Upgrade Django to version 4.2.27, 5.1.15, 5.2.9 or higher.

[,4.2.27)[5.0a1,5.1.15)[5.2a1,5.2.9)

SQL Injection

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via the FilteredRelation column aliases. When a malicious dictionary expansion is passed in as the **kwargs argument to QuerySet.annotate() or QuerySet.alias() on PostgreSQL, its contents can be used to execute SQL.

How to fix SQL Injection?

Upgrade Django to version 4.2.27, 5.1.15, 5.2.9 or higher.

[,4.2.27)[5.0a1,5.1.15)[5.2a1,5.2.9)

Go back to all versions of this package