Django Security Update Advisory

Dec 09 2024

Overview

An update has been released to address vulnerabilities in Django. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-53907, CVE-2024-53908

Django version: 5.1 version before 5.1.4
Django version: 5.0 version before 5.0.10
Django version: 4.2 version before 4.2.17

Resolved Vulnerabilities

DoS attack vulnerability in Django’s strip_tags() method and striptags template filter due to massively nested unfinished HTML entities (CVE-2024-53907)

SQL injection vulnerability when lhs values contain untrusted data when directly using the django.db.models.fields.json.HasKey lookup when using Oracle databases in Django (CVE-2024-53908)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-53907, CVE-2024-53908

Django version: 5.1.4
Django version: 5.0.10
Django version: 4.2.17

Referenced Sites

[1] CVE-2024-53907 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-53907

[2] CVE-2024-53908 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-53908

[3] openwall/CVE-2024-53907, CVE-2024-53908

https://www.openwall.com/lists/oss-security/2024/12/04/3

Django Security Update Advisory

SonicWall Product Line Security Update Advisory

SolarWinds Platform Security Update Advisory (CVE-2024-45717)

Tags:

SonicWall Product Line Security Update Advisory

SolarWinds Platform Security Update Advisory (CVE-2024-45717)