USN-4381-1: Django vulnerabilities
First published: Wed Jun 03 2020(Updated: )
Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. (CVE-2020-13254) Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks. (CVE-2020-13596)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3-django | <2:2.2.12-1ubuntu0.1 | 2:2.2.12-1ubuntu0.1 |
| =20.04 | ||
| All of | ||
| ubuntu/python-django | <1:1.11.22-1ubuntu1.4 | 1:1.11.22-1ubuntu1.4 |
| =19.10 | ||
| All of | ||
| ubuntu/python3-django | <1:1.11.22-1ubuntu1.4 | 1:1.11.22-1ubuntu1.4 |
| =19.10 | ||
| All of | ||
| ubuntu/python-django | <1:1.11.11-1ubuntu1.9 | 1:1.11.11-1ubuntu1.9 |
| =18.04 | ||
| All of | ||
| ubuntu/python3-django | <1:1.11.11-1ubuntu1.9 | 1:1.11.11-1ubuntu1.9 |
| =18.04 | ||
| All of | ||
| ubuntu/python-django | <1.8.7-1ubuntu5.13 | 1.8.7-1ubuntu5.13 |
| =16.04 | ||
| All of | ||
| ubuntu/python3-django | <1.8.7-1ubuntu5.13 | 1.8.7-1ubuntu5.13 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2020-13254
- https://ubuntu.com/security/CVE-2020-13596
- https://ubuntu.com/security/notices/USN-4381-2
- https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/python-django/1:1.11.22-1ubuntu1.4
- https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.9
- https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.13
- https://ubuntu.com/security/notices/USN-4381-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-4381-1.
What is the severity of the vulnerability?
The severity of the vulnerability is not specified in the advisory.
Which versions of Django are affected?
The affected versions of Django are 2.2.12 and older.
How can I fix the vulnerability?
You can fix the vulnerability by updating to version 2.2.12 or newer of Django.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the advisory USN-4381-1.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-4381-2
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/19.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04