FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Django -- multiple vulnerabilities

Affected packages
py310-django42 < 4.2.14
py311-django42 < 4.2.14
py39-django42 < 4.2.14
py310-django50 < 5.0.7
py311-django50 < 5.0.7

Details

VuXML ID 171afa61-3eba-11ef-a58f-080027836e8b
Discovery 2024-07-01
Entry 2024-07-10

Django reports:

CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize().

CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords.

CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save().

CVE-2024-39614: Potential denial-of-service in django.utils.translation.get_supported_language_variant().

References

CVE Name CVE-2024-38875
CVE Name CVE-2024-39329
CVE Name CVE-2024-39330
CVE Name CVE-2024-39614
URL https://www.djangoproject.com/weblog/2024/jul/09/security-releases/