dethos on Nostr: "Django security releases issued: 5.0.8 and 4.2.15" * Potential SQL injection in ...
"Django security releases issued: 5.0.8 and 4.2.15"
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/

* Potential SQL injection in QuerySet.values() and values_list()
* Memory exhaustion in django.utils.numberformat.floatformat()
* Potential denial-of-service in django.utils.html.urlize()
* Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
#security #infosec #cybersecurity #django #python
Published at
2024-08-06 15:20:54
Event JSON
{
"id": "a68b2c3423ef4f2028f6f149062766123c8efb6701c7b800626c5c2bfded4806",
"pubkey": "c1f508d6095df2f21aad0aa196584a9cb74f804fe8e181daf205ecdc9a74b700",
"created_at": 1722957654,
"kind": 1,
"tags": [
[
"t",
"security"
],
[
"t",
"infosec"
],
[
"t",
"cybersecurity"
],
[
"t",
"django"
],
[
"t",
"python"
]
],
"content": "\"Django security releases issued: 5.0.8 and 4.2.15\"\n\nhttps://www.djangoproject.com/weblog/2024/aug/06/security-releases/\n\n* Potential SQL injection in QuerySet.values() and values_list()\n* Memory exhaustion in django.utils.numberformat.floatformat()\n* Potential denial-of-service in django.utils.html.urlize()\n* Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget\n\n#security #infosec #cybersecurity #django #python",
"sig": "5def8da0cd1a886c67562b84b19183c5b16106a903d4d35fb0d4ec4b806462c26d9a3f4ccfbc6e5075c3620342bdec04ea4bae94bd9a179dd4c38b841fa10938"
}