First published: Wed Dec 04 2024(Updated: )
jiangniao discovered that Django incorrectly handled the API to strip tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. (CVE-2024-53907) Seokchan Yoon discovered that Django incorrectly handled HasKey lookups when using Oracle. A remote attacker could possibly use this issue to inject arbitrary SQL code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-53908)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3-django | <3:4.2.15-1ubuntu1.1 | 3:4.2.15-1ubuntu1.1 |
Ubuntu Ubuntu | =24.10 | |
All of | ||
ubuntu/python3-django | <3:4.2.11-1ubuntu1.4 | 3:4.2.11-1ubuntu1.4 |
Ubuntu Ubuntu | =24.04 | |
All of | ||
ubuntu/python3-django | <2:3.2.12-2ubuntu1.15 | 2:3.2.12-2ubuntu1.15 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/python3-django | <2:2.2.12-1ubuntu0.26 | 2:2.2.12-1ubuntu0.26 |
Ubuntu Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.