Componentpedia / Listings / django / 3.2.17

Last update: 26/01/2025

django

The Web framework for perfectionists with deadlines.

Version: 3.2.17 registry icon
Safety score
-80
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
De-risk your app now
Security Risks of Known Vulnerabilities
CVE-2023-46695
CWE-770
Threat level: HIGH | CVSS score: 7.5

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.


CVE-2023-31047
CWE-20
Threat level: CRITICAL | CVSS score: 9.8

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.


CVE-2023-24580
CWE-400
Threat level: HIGH | CVSS score: 7.5

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.


CVE-2023-43665
CWE-1284
Threat level: HIGH | CVSS score: 7.5

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.


CVE-2023-36053
CWE-1333
Threat level: HIGH | CVSS score: 7.5

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.


CVE-2024-24680
Threat level: HIGH | CVSS score: 7.5

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.


CVE-2023-41164
CWE-1284
Threat level: HIGH | CVSS score: 7.5

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.


Please note that this component is affected by another vulnerability
0 Critical  |  0 High  |  1 Medium  |  0 Low  |  0 Suggest

Latest safe patch: 3.2.25 Latest safe major: 5.1.5 Scan your application codebase with Meterian to see all known vulnerabilities in your open source software dependencies.


Stability

Stay updated with the latest patches and releases. Plan your sofware desisgn. Avoid common known vulnerabilities fixed by the open source community

Latest patch release:   3.2.25

Latest minor release:   --

Latest major release:   5.1.5

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

BSD   -   BSD License (Generic)

Is a wildcard

Not proprietary

OSI Compliant