USN-4381-2: Django vulnerabilities
First published: Thu Jun 04 2020(Updated: )
USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. (CVE-2020-13254) Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks. (CVE-2020-13596)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python-django | <1.6.11-0ubuntu1.3+esm1 | 1.6.11-0ubuntu1.3+esm1 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What vulnerabilities does USN-4381-2 fix?
USN-4381-2 fixes the CVE-2020-13254 and CVE-2020-13596 vulnerabilities.
What is the impact of CVE-2020-13254?
CVE-2020-13254 could allow a remote attacker to cause a denial of service.
What is the impact of CVE-2020-13596?
CVE-2020-13596 could allow a remote attacker to execute arbitrary code.
How do I fix the Django vulnerabilities?
To fix the Django vulnerabilities, apply the appropriate updates provided by Ubuntu.
Where can I find more information about USN-4381-2?
You can find more information about USN-4381-2 on the Ubuntu Security Notices website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-4381-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/14.04