| Package | python-django |
|---|---|
| Version | 1.7.11-1+deb8u18 (jessie), 1:1.10.7-2+deb9u24 (stretch), 1:1.11.29-1+deb10u13 (buster) |
| Related CVEs | CVE-2024-53907 CVE-2024-56374 |
Two vulnerabilities were discovered in Django, a Python-based web development framework:
- CVE-2024-53907: Prevent a potential Denial of Service (DoS) attack. The `strip_tags` method and `striptags` template filter were subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
- CVE-2024-56374: Prevent another potential Denial of Service (DoS) attack. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could have led to a potential denial-of-service attack. The `clean_ipv6_address` and `is_valid_ipv6_address` functions were vulnerable, as was the `GenericIPAddressField` form field. The `GenericIPAddressField` model field was not affected.
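The mitigation pattern behind the CVE-2024-56374 fix, as an added illustration rather than Django's own code: an IPv6 validator that enforces an upper bound on input length before handing the string to the parser, shown beside the unbounded variant. The constant name and the limit of 39 characters (the longest purely hexadecimal textual form) are assumptions of this example.

```python
import ipaddress

# Assumed bound: a fully written-out hexadecimal IPv6 address is at most
# 8 groups of 4 hex digits plus 7 colons = 39 characters. Caveat: the
# mixed notation used for IPv4-mapped addresses written out in full
# (e.g. "0000:...:ffff:255.255.255.255") is longer and would be rejected
# by this limit, so widen it if that form must be accepted.
MAX_IPV6_ADDRESS_LENGTH = 39


def is_valid_ipv6_address_unbounded(value: str) -> bool:
    """No length guard: every input, however long, reaches the parser."""
    try:
        ipaddress.IPv6Address(value)
    except ValueError:
        return False
    return True


def is_valid_ipv6_address_bounded(value: str) -> bool:
    """Hardened variant: reject oversized strings before parsing them."""
    if len(value) > MAX_IPV6_ADDRESS_LENGTH:
        return False
    return is_valid_ipv6_address_unbounded(value)


def clean_ipv6_address_bounded(value: str) -> str:
    """Return the compressed canonical form, or raise ValueError.

    The length check runs first so the cost of validation is bounded by
    the limit, not by the attacker-controlled input size.
    """
    if len(value) > MAX_IPV6_ADDRESS_LENGTH:
        raise ValueError("IPv6 address string exceeds maximum length")
    return str(ipaddress.IPv6Address(value))


if __name__ == "__main__":
    # Constructed sample input: an oversized string of colons.
    oversized = "2001:db8::1" + ":" * 100_000
    print(is_valid_ipv6_address_bounded("2001:db8::1"))   # True
    print(is_valid_ipv6_address_bounded(oversized))       # False
    print(clean_ipv6_address_bounded("2001:0db8:0000:0000:0000:0000:0000:0001"))
```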
For Debian 10 buster, these problems have been fixed in version 1:1.11.29-1+deb10u13.
For Debian 8 jessie, these problems have been fixed in version 1.7.11-1+deb8u18.
For Debian 9 stretch, these problems have been fixed in version 1:1.10.7-2+deb9u24.
We recommend that you upgrade your python-django packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.