FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Django -- multiple vulnerabilities

Affected packages
py310-django42 < 4.2.15
py311-django42 < 4.2.15
py39-django42 < 4.2.15
py310-django50 < 5.0.8
py311-django50 < 5.0.8
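A practical way to use the affected-package table above is to compare the versions `pkg` reports against the fixed-in versions it lists. The following script is an added example, not part of the VuXML entry or of Django; the package names and "fixed-in" versions come from the table, the input format assumes the output of `pkg query "%n %v"`, and the sample lines are constructed for illustration.

```python
# Added example (not from the VuXML entry): flag installed Django ports that fall
# inside the affected ranges listed in this advisory.

# Package name -> first fixed version, taken from the "Affected packages" table.
AFFECTED = {
    "py310-django42": "4.2.15",
    "py311-django42": "4.2.15",
    "py39-django42": "4.2.15",
    "py310-django50": "5.0.8",
    "py311-django50": "5.0.8",
}


def parse_version(v):
    """Turn a FreeBSD package version such as '4.2.14_1' into a comparable tuple.

    Assumption: versions consist of a dotted numeric part, an optional '_N' port
    revision and an optional ',N' epoch, which covers the Django ports here.
    """
    epoch = 0
    if "," in v:
        v, epoch_str = v.split(",", 1)
        epoch = int(epoch_str)
    revision = 0
    if "_" in v:
        v, revision_str = v.split("_", 1)
        revision = int(revision_str)
    numeric = tuple(int(p) for p in v.split("."))
    # Epoch dominates, then the dotted version, then the port revision.
    return (epoch, numeric, revision)


def is_affected(pkg_name, pkg_version):
    """True when pkg_name is listed in the entry and pkg_version is below the fix."""
    fixed = AFFECTED.get(pkg_name)
    if fixed is None:
        return False
    return parse_version(pkg_version) < parse_version(fixed)


def check_installed(pkg_lines):
    """Scan lines in 'pkg query \"%n %v\"' format (name, space, version).

    Returns a list of (name, installed_version, fixed_in) for affected packages.
    """
    hits = []
    for line in pkg_lines:
        line = line.strip()
        if not line:
            continue
        name, version = line.split(None, 1)
        if is_affected(name, version):
            hits.append((name, version, AFFECTED[name]))
    return hits


# Constructed sample output of `pkg query "%n %v"` (not from a real host).
SAMPLE_PKG_OUTPUT = """py311-django42 4.2.14_1
py311-django50 5.0.8
py39-django42 4.2.15
py310-django50 5.0.7
py311-requests 2.32.3
"""

if __name__ == "__main__":
    for name, installed, fixed in check_installed(SAMPLE_PKG_OUTPUT.splitlines()):
        print(f"{name} {installed} is affected; upgrade to {fixed} or later")
```

On a live system, feed the script the real output of `pkg query "%n %v"` instead of the constructed sample; a package at exactly the fixed version, or at a higher port revision of it, is reported as not affected.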

Details

VuXML ID 94d441d2-5497-11ef-9d2f-080027836e8b
Discovery 2024-08-01
Entry 2024-08-07

Django reports:

CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat().

CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize().

CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget.

CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list().

References

CVE Name CVE-2024-41989
CVE Name CVE-2024-41990
CVE Name CVE-2024-41991
CVE Name CVE-2024-42005
URL https://www.djangoproject.com/weblog/2024/aug/06/security-releases/