Package | python-django |
---|---|
Version | 1.7.11-1+deb8u18 (jessie), 1:1.10.7-2+deb9u24 (stretch), 1:1.11.29-1+deb10u13 (buster) |
Related CVEs | CVE-2024-53907 CVE-2024-56374 |
Two vulnerabilities were discovered in Django, a Python-based web development framework:

- CVE-2024-53907: Prevent a potential Denial of Service (DoS) attack. The `strip_tags` method and `striptags` template filter were subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

- CVE-2024-56374: Prevent another potential Denial of Service (DoS) attack. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could have led to a potential denial-of-service attack. The `clean_ipv6_address` and `is_valid_ipv6_address` functions were vulnerable, as was the `GenericIPAddressField` form field. The `GenericIPAddressField` model field was not affected.
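As an illustration of the missing upper bound described under CVE-2024-56374, the following is an added example (not Django's code and not the patched implementation) of an IPv6 validator that rejects overlong text before any parsing work is done. The 45-character cap is this example's own assumption, derived from the longest textual IPv6 form with an embedded IPv4 address; the advisory itself does not state a limit.

```python
import ipaddress

# Longest textual IPv6 form: six hex groups plus an embedded dotted-quad
# IPv4 address, e.g. "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255" (45 chars).
# This cap is an assumption of this example, not a constant from Django.
MAX_IPV6_TEXT_LENGTH = 45


def is_valid_ipv6_bounded(value) -> bool:
    """Return True only for syntactically valid IPv6 text of bounded length."""
    if not isinstance(value, str):
        return False
    # Reject oversized input up front so the parser never sees unbounded data.
    if len(value) > MAX_IPV6_TEXT_LENGTH:
        return False
    try:
        ipaddress.IPv6Address(value)
    except ValueError:  # AddressValueError is a ValueError subclass
        return False
    return True


def clean_ipv6_bounded(value: str) -> str:
    """Normalise valid input to compressed form; raise ValueError otherwise."""
    if len(value) > MAX_IPV6_TEXT_LENGTH:
        raise ValueError("IPv6 address text exceeds %d characters" % MAX_IPV6_TEXT_LENGTH)
    return str(ipaddress.IPv6Address(value))


# Constructed sample inputs and the expected verdict for each.
SAMPLES = {
    "2001:db8::1": True,
    "::ffff:192.0.2.128": True,            # IPv4-mapped form, within the cap
    "2001:db8:" + "0:" * 30 + "1": False,  # overlong: rejected before parsing
    "not-an-address": False,
}

if __name__ == "__main__":
    for text, expected in SAMPLES.items():
        assert is_valid_ipv6_bounded(text) is expected, text
    print("all samples behaved as expected")
```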
For Debian 10 buster, these problems have been fixed in version 1:1.11.29-1+deb10u13.
For Debian 8 jessie, these problems have been fixed in version 1.7.11-1+deb8u18.
For Debian 9 stretch, these problems have been fixed in version 1:1.10.7-2+deb9u24.
We recommend that you upgrade your python-django packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.