django: security update to 2.1.11 #1938
Comments
l2dy
added
upgrade
MingcongBai
added a commit
that referenced
this issue
Sep 2, 2019
|
Use AOSA-2019-0203. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE IDs: CVE-2019-14232, CVE-2019-14233, CVE-2019-14234, CVE-2019-14235
Other security advisory IDs: USN-4084-1, ASA-201908-2, openSUSE-SU-2019:1839-1, DSA-4498-1
Descriptions:
It was discovered that Django incorrectly handled the Truncator function. A
remote attacker could possibly use this issue to cause Django to consume
resources, leading to a denial of service. (CVE-2019-14232)
It was discovered that Django incorrectly handled the strip_tags function.
A remote attacker could possibly use this issue to cause Django to consume
resources, leading to a denial of service. (CVE-2019-14233)
It was discovered that Django incorrectly handled certain lookups in the
PostgreSQL support. A remote attacker could possibly use this issue to
perform SQL injection attacks. (CVE-2019-14234)
It was discovered that Django incorrectly handled certain invalid UTF-8
octet sequences. A remote attacker could possibly use this issue to cause
Django to consume resources, leading to a denial of service.
(CVE-2019-14235)
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
Architectural progress:
noarch-->The text was updated successfully, but these errors were encountered: