FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Django -- multiple vulnerabilities

Affected packages
py310-django42 < 4.2.25
py311-django42 < 4.2.25
py39-django42 < 4.2.25
py310-django51 < 5.1.13
py311-django51 < 5.1.13
py310-django52 < 5.2.7
py311-django52 < 5.2.7

Details

VuXML ID: 90fc859e-9fe4-11f0-9fa2-080027836e8b
Discovery: 2025-10-01
Entry: 2025-10-02

Django reports:

CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB.

CVE-2025-59682: Potential partial directory-traversal via archive.extract().

References

CVE Name: CVE-2025-59681
CVE Name: CVE-2025-59682
URL: https://www.djangoproject.com/weblog/2025/oct/01/security-releases/