Django Project Django 4.2.10

CPE Details

Django Project Django 4.2.10
4.2.10
2024-02-16
20h06 +00:00
2024-02-16
20h06 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:djangoproject:django:4.2.10:*:*:*:*:*:*:*

Informations

Vendor

djangoproject

Product

django

Version

4.2.10

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-45230 2024-10-08 00h00 +00:00 An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
7.5
High
CVE-2024-45231 2024-10-08 00h00 +00:00 An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
5.3
Medium
CVE-2024-41989 2024-08-07 00h00 +00:00 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
7.5
High
CVE-2024-41990 2024-08-06 22h00 +00:00 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
7.5
High
CVE-2024-41991 2024-08-06 22h00 +00:00 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
7.5
High
CVE-2024-42005 2024-08-06 22h00 +00:00 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
9.8
Critical