First published: Wed Jun 03 2020(Updated: )
Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. (CVE-2020-13254) Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks. (CVE-2020-13596)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3-django | <2:2.2.12-1ubuntu0.1 | 2:2.2.12-1ubuntu0.1 |
=20.04 | ||
All of | ||
ubuntu/python-django | <1:1.11.22-1ubuntu1.4 | 1:1.11.22-1ubuntu1.4 |
=19.10 | ||
All of | ||
ubuntu/python3-django | <1:1.11.22-1ubuntu1.4 | 1:1.11.22-1ubuntu1.4 |
=19.10 | ||
All of | ||
ubuntu/python-django | <1:1.11.11-1ubuntu1.9 | 1:1.11.11-1ubuntu1.9 |
=18.04 | ||
All of | ||
ubuntu/python3-django | <1:1.11.11-1ubuntu1.9 | 1:1.11.11-1ubuntu1.9 |
=18.04 | ||
All of | ||
ubuntu/python-django | <1.8.7-1ubuntu5.13 | 1.8.7-1ubuntu5.13 |
=16.04 | ||
All of | ||
ubuntu/python3-django | <1.8.7-1ubuntu5.13 | 1.8.7-1ubuntu5.13 |
=16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this advisory is USN-4381-1.
The severity of the vulnerability is not specified in the advisory.
The affected versions of Django are 2.2.12 and older.
You can fix the vulnerability by updating to version 2.2.12 or newer of Django.
You can find more information about this vulnerability in the advisory USN-4381-1.