FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d3e023fb-6e88-11ec-b948-080027240888Django -- multiple vulnerabilities

Django Release reports:

CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator.

CVE-2021-45116: Potential information disclosure in dictsort template filter.

CVE-2021-45452: Potential directory-traversal via Storage.save().


Discovery 2021-12-20
Entry 2022-01-06
py37-django22
py38-django22
py39-django22
< 2.2.26

py37-django32
py38-django32
py39-django32
< 3.2.11

py37-django40
py38-django40
py39-django40
< 4.0.1

CVE-2021-45115
CVE-2021-45116
CVE-2021-45452
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
1766359c-ad6e-11eb-b2a4-080027e50e6dDjango -- multiple vulnerabilities

Django Release reports:

CVE-2021-31542:Potential directory-traversal via uploaded files.

MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.


Discovery 2021-04-22
Entry 2021-05-05
py36-django22
py37-django22
py38-django22
py39-django22
< 2.2.21

py36-django31
py37-django31
py38-django31
py39-django31
< 3.1.9

py36-django32
py37-django32
py38-django32
py39-django32
< 3.2.1

https://www.djangoproject.com/weblog/2021/may/04/security-releases/
CVE-2021-31542
597d02ce-a66c-11ea-af32-080027846a02Django -- multiple vulnerabilities

Django security release reports:

CVE-2020-13254: Potential data leakage via malformed memcached keys

In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.

CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget

Query parameters for the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query parameters are correctly URL encoded.


Discovery 2020-06-01
Entry 2020-06-04
py36-django22
py37-django22
py38-django22
< 2.2.13

py36-django30
py37-django30
py38-django30
< 3.0.7

https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
CVE-2020-13254
CVE-2020-13596
0db46f84-b9fa-11ec-89df-080027240888Django -- multiple vulnerabilities

Django Release reports:

CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra().

CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL.


Discovery 2022-04-02
Entry 2022-04-12
py37-django22
py38-django22
py39-django22
py310-django22
< 2.2.28

py37-django32
py38-django32
py39-django32
py310-django32
< 3.2.13

py38-django40
py39-django40
py310-django40
< 4.0.4

CVE-2022-28346
CVE-2022-28347
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
002432c8-ef6a-11ea-ba8f-08002728f74cDjango -- multiple vulnerabilities

Django Release notes:

CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+

On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static directories when using the collectstatic management command.

CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+

On Python 3.7+, the intermediate-level directories of the file system cache had the system's standard umask rather than 0o077 (no group or others permissions).


Discovery 2020-09-01
Entry 2020-09-05
py35-django22
py36-django22
py37-django22
py38-django22
< 2.2.16

py36-django30
py37-django30
py38-django30
< 3.0.10

py36-django31
py37-django31
py38-django31
< 3.1.1

https://docs.djangoproject.com/en/2.2/releases/2.2.16/
https://docs.djangoproject.com/en/3.0/releases/3.0.10/
https://docs.djangoproject.com/en/3.1/releases/3.1.1/
CVE-2020-24583
CVE-2020-24584