Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 SP1 package python-Django, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2015-5145 — CVSS 7.8 (high): validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified…
CVE-2023-24580 — CVSS 7.5 (high): An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing…
CVE-2018-6188 — CVSS 7.5 (high): django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain…
CVE-2018-14574 — CVSS 6.1 (medium): django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
CVE-2017-7234 — CVSS 6.1 (medium): A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.se…
CVE-2017-12794 — CVSS 6.1 (medium): In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500…
CVE-2017-7233 — CVSS 6.1 (medium): Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on…
CVE-2018-7536 — CVSS 5.3 (medium): An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was…
CVE-2018-7537 — CVSS 5.3 (medium): An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars()…
CVE-2015-3982 — CVSS 5.0 (medium): The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote…
CVE-2015-5963 — CVSS 5.0 (medium): contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other…