GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Fri May 01, 2020 2:26 am Post subject: [ GLSA 202004-17 ] Django
Gentoo Linux Security Advisory
Title: Django: Multiple vulnerabilities (GLSA 202004-17)
Severity: normal
Exploitable: remote
Date: 2020-04-30
Bug(s): #692384, #701744, #706204, #707998, #711522
ID: 202004-17
Synopsis
Multiple vulnerabilities have been found in Django, the worst of
which could result in privilege escalation.
Background
Django is a Python-based web framework.
Affected Packages
Package: dev-python/django
Vulnerable: < 2.2.11
Unaffected: >= 2.2.11
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Django. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker, by sending specially crafted input, could possibly
cause a Denial of Service condition, or alter the database.
Workaround
There is no known workaround at this time.
Resolution
All Django users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/django-2.2.11"
References
CVE-2019-12308
CVE-2019-14232
CVE-2019-14233
CVE-2019-14234
CVE-2019-14235
CVE-2019-19118
CVE-2019-19844
CVE-2020-7471
CVE-2020-9402
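
The emerge commands under Resolution only upgrade the Portage-managed package; copies of Django installed with pip or inside virtualenvs stay at their old version. The script below is an added example, not part of the advisory or of Gentoo's tooling: it scans directory trees for Django package metadata and lists installs below the advisory's 2.2.11 bound. The function names are assumptions of this example, and it assumes a `find` with `-ipath` and a `sort` with `-V`.

```shell
#!/bin/sh
# Added example: list Django installs older than the advisory's fixed version.
FIXED="2.2.11"   # "Unaffected: >= 2.2.11" from GLSA 202004-17

# Exit 0 when version $1 sorts strictly below version $2.
# Uses sort -V; intended for final release numbers such as 2.2.10,
# not for pre-release suffixes.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "<version> <metadata file>" for every Django below $FIXED found
# under the directories given as arguments. Only the advisory's single
# bound is applied; newer release series are not evaluated separately.
find_vulnerable_django() {
    find "$@" \( -ipath '*/django-*.dist-info/METADATA' \
              -o -ipath '*/django-*.egg-info/PKG-INFO' \) \
         -type f 2>/dev/null |
    while IFS= read -r meta; do
        # Match the package named exactly "Django", not django-* add-ons.
        name=$(sed -n 's/^Name: *//p' "$meta" | head -n 1 | tr -d '\r')
        [ "$(printf '%s' "$name" | tr 'A-Z' 'a-z')" = "django" ] || continue
        ver=$(sed -n 's/^Version: *//p' "$meta" | head -n 1 | tr -d '\r')
        [ -n "$ver" ] || continue
        if version_lt "$ver" "$FIXED"; then
            printf '%s %s\n' "$ver" "$meta"
        fi
    done
}

# Stand-alone use: pass the trees to scan, e.g. /usr/lib /home /srv
if [ "$#" -gt 0 ]; then
    find_vulnerable_django "$@"
fi
```

An empty result means no Django below 2.2.11 was found under the scanned paths; each printed line names a metadata file whose environment still needs its own upgrade.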