Vulnerabilities > Djangoproject

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2023-24580 Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7.
network
low complexity
djangoproject debian CWE-400
7.5
7.5
2023-02-01 CVE-2023-23969 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing.
network
low complexity
djangoproject debian CWE-770
7.5
7.5
2022-10-16 CVE-2022-41323 Unspecified vulnerability in Djangoproject Django
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
network
low complexity
djangoproject
7.5
7.5
2022-08-03 CVE-2022-36359 Download of Code Without Integrity Check vulnerability in multiple products
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7.
network
low complexity
djangoproject debian CWE-494
8.8
8.8
2022-07-04 CVE-2022-34265 SQL Injection vulnerability in Djangoproject Django
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6.
network
low complexity
djangoproject CWE-89
critical
 9.8
9.8
2022-04-12 CVE-2022-28346 SQL Injection vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
network
low complexity
djangoproject debian CWE-89
critical
 9.8
9.8
2022-04-12 CVE-2022-28347 SQL Injection vulnerability in multiple products
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
network
low complexity
djangoproject debian CWE-89
critical
 9.8
9.8
2022-02-03 CVE-2022-22818 Cross-site Scripting vulnerability in multiple products
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context.
network
low complexity
djangoproject fedoraproject debian CWE-79
6.1
6.1
2022-02-03 CVE-2022-23833 Infinite Loop vulnerability in multiple products
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2.
network
low complexity
djangoproject fedoraproject debian CWE-835
7.5
7.5
2022-01-05 CVE-2021-45115 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.
network
low complexity
djangoproject fedoraproject
5.0
5.0