FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Django -- multiple vulnerabilities

Affected packages
py37-django22 < 2.2.26
py38-django22 < 2.2.26
py39-django22 < 2.2.26
py37-django32 < 3.2.11
py38-django32 < 3.2.11
py39-django32 < 3.2.11
py37-django40 < 4.0.1
py38-django40 < 4.0.1
py39-django40 < 4.0.1

Details

VuXML ID d3e023fb-6e88-11ec-b948-080027240888
Discovery 2021-12-20
Entry 2022-01-06

Django Release reports:

CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator.

CVE-2021-45116: Potential information disclosure in dictsort template filter.

CVE-2021-45452: Potential directory-traversal via Storage.save().

References

CVE Name CVE-2021-45115
CVE Name CVE-2021-45116
CVE Name CVE-2021-45452
URL https://www.djangoproject.com/weblog/2022/jan/04/security-releases/