"Django security releases issued: 5.0.7 and 4.2.14"
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
* CVE-2024-38875 [moderate]: Potential denial-of-service in django.utils.html.urlize
* CVE-2024-39329 [low]: Username enumeration through timing difference for users with unusable passwords
* CVE-2024-39330 [low]: Potential directory-traversal in django.core.files.storage.Storage.save
* CVE-2024-39614 [moderate]: Potential denial-of-service in django.utils.translation.get_supported_language_variant
#security #django
dethos / Gonçalo Valério
npub1c8…lvmv9
2024-07-09 16:01:04
Author Public Key
npub1c86s34sfthe0yx4dp2sevkz2njm5lqz0arscrkhjqhkdexn5kuqqtlvmv9Published at
2024-07-09 16:01:04Event JSON
{
"id": "5a2dfd0ce65a3ff1964838334ace4e8259a460b524c5873db7fe752a88f749f4",
"pubkey": "c1f508d6095df2f21aad0aa196584a9cb74f804fe8e181daf205ecdc9a74b700",
"created_at": 1720540864,
"kind": 1,
"tags": [
[
"t",
"security"
],
[
"t",
"django"
]
],
"content": "\"Django security releases issued: 5.0.7 and 4.2.14\"\n\nhttps://www.djangoproject.com/weblog/2024/jul/09/security-releases/\n\n* CVE-2024-38875 [moderate]: Potential denial-of-service in django.utils.html.urlize\n* CVE-2024-39329 [low]: Username enumeration through timing difference for users with unusable passwords\n* CVE-2024-39330 [low]: Potential directory-traversal in django.core.files.storage.Storage.save\n* CVE-2024-39614 [moderate]: Potential denial-of-service in django.utils.translation.get_supported_language_variant\n\n#security #django",
"sig": "d68987bbfa634e6d8f6ee733d8ff5b1d5845055596ec5174791de6594f97c5437ed95d6720c24fdcd7274468c1223193fc50b4dcd45ccad79aae3f0f510dcf55"
}