First published: Thu Jun 04 2020
USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. (CVE-2020-13254)

Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks. (CVE-2020-13596)

Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
ubuntu/python-django | <1.6.11-0ubuntu1.3+esm1 | 1.6.11-0ubuntu1.3+esm1 |
Ubuntu Ubuntu | =14.04 | |

USN-4381-2 fixes the CVE-2020-13254 and CVE-2020-13596 vulnerabilities.
CVE-2020-13254 could allow a remote attacker to cause a denial of service.
CVE-2020-13596 could allow a remote attacker to perform cross-site scripting (XSS) attacks.
To fix the Django vulnerabilities, apply the appropriate updates provided by Ubuntu.
You can find more information about USN-4381-2 on the Ubuntu Security Notices website.