MGASA-2022-0011

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0011.html

Import Source

https://advisories.mageia.org/MGASA-2022-0011.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2022-0011

Related

Published

2022-01-11T07:12:42Z

Modified

2022-01-11T06:36:47Z

Summary

Updated python-django packages fix security vulnerability

Details

UserAttributeSimilarityValidator incurred significant overhead evaluating submitted password that were artificially large in relative to the comparison values. On the assumption that access to user registration was unrestricted this provided a potential vector for a denial-of-service attack. (CVE-2021-45115) Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure or unintended method calls, if passed a suitably crafted key. (CVE-2021-45116) Storage.save() allowed directory-traversal if directly passed suitably crafted file names. (CVE-2021-45452)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / python-django

Package

Name: python-django
Purl: pkg:rpm/mageia/python-django?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.14-1.1.mga8

Ecosystem specific

{
    "section": "core"
}