[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2023:0005-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":40,"duplicates":41,"related":42,"reserved_at":9,"published_at":56,"modified_at":57,"state":9,"summary":58,"references_raw":60,"kevs":178,"epss":9,"epss_history":179,"metrics":180,"affected":181},"OPENSUSE-SU-2023:0005-1","Security update for python-Django\n\nThis update for python-Django fixes the following issues:\n\n- CVE-2022-41323: Fixed potential denial-of-service vulnerability in internationalized URLs (boo#1203793)\n- CVE-2022-36359: Fixed a potential reflected file download vulnerability in FileResponse (boo#1201923)\n\n- Update from 2.2.12 to 2.2.28 (boo#1198297)\n\n  * Many CVE fixes (check https://github.com/django/django/blob/main/docs/releases/)\n\n  2.2.28:\n\n  - CVE-2022-28346: Fixed potential SQL injection in QuerySet.annotate(), aggregate(), and extra() (bsc#1198398)\n  - CVE-2022-28347: Fixed potential SQL injection via QuerySet.explain(**options) (bsc#1198399)\n\n  2.2.27:\n\n  - CVE-2022-22818: Fixed possible XSS via ``{% debug %}`` template tag (bsc#1195086)\n  - CVE-2022-23833: Fixed denial-of-service possibility in file uploads (bsc#1195088)\n\n  2.2.26: \n\n  - CVE-2021-45115: Denial-of-service possibility in ``UserAttributeSimilarityValidator`` (bsc#1194115)\n  - CVE-2021-45116: Potential information disclosure in ``dictsort`` template filter (bsc#1194117)\n  - CVE-2021-45452: Potential directory-traversal via ``Storage.save()`` (bsc#)\n\n  2.2.25:\n\n  - CVE-2021-44420: Potential bypass of an upstream access control based on URL paths (bsc#1193240)\n\n  2.2.24:\n\n  - CVE-2021-33203: Potential directory traversal via ``admindocs``\n  - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 
addresses\n\n  2.2.23:\n\n  - regression fix\n\n  2.2.22:\n\n  - CVE-2021-32052: Header injection possibility since ``URLValidator`` accepted newlines in input on Python 3.9.5+\n\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38],{"_key":15},"CVE-2021-32052",{"_key":17},"CVE-2021-33203",{"_key":19},"CVE-2021-33571",{"_key":21},"CVE-2021-44420",{"_key":23},"CVE-2021-45115",{"_key":25},"CVE-2021-45116",{"_key":27},"CVE-2021-45452",{"_key":29},"CVE-2022-22818",{"_key":31},"CVE-2022-23833",{"_key":33},"CVE-2022-28346",{"_key":35},"CVE-2022-28347",{"_key":37},"CVE-2022-36359",{"_key":39},"CVE-2022-41323",[],[],[43,44,45,46,47,48,49,50,51,52,53,54,55],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},"2023-01-03T11:02:47Z","2026-02-04T02:49:35.167122Z",{"cisa_kev":59,"cisa_ransomware":59,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[61,68,73,77,81,85,89,93,97,101,105,109,113,117,121,125,130,134,138,142,146,150,154,158,162,166,170,174],{"url":62,"sources":63,"tags":66},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UHF5IZKTZ2T4T4QQYZMUFHW422X3WCU6/",[64,65],"osv_suse","osv_opensuse",[67],"Advisory",{"url":69,"sources":70,"tags":71},"https://bugzilla.suse.com/1185713",[64,65],[72],"REPORT",{"url":74,"sources":75,"tags":76},"https://bugzilla.suse.com/1186608",[64,65],[72],{"url":78,"sources":79,"tags":80},"https://bugzilla.suse.com/1186611",[64,65],[72],{"url":82,"sources":83,"tags":84},"https://bugzilla.suse.com/1193240",[64,65],[72],{"url":86,"sources":87,"tags":88},"https://bugzilla.suse.com/1194115",[64,65],[72],{"url":90,"sources":91,"tags":92},"https://bugzilla.suse.com/1194116",[64,65],[72],{"url":94,"sources":95,"tags":96},"https://bugzilla.suse.com/1194117",[64,65],[72],{"url":98,"sources":99,"t
ags":100},"https://bugzilla.suse.com/1195086",[64,65],[72],{"url":102,"sources":103,"tags":104},"https://bugzilla.suse.com/1195088",[64,65],[72],{"url":106,"sources":107,"tags":108},"https://bugzilla.suse.com/1198297",[64,65],[72],{"url":110,"sources":111,"tags":112},"https://bugzilla.suse.com/1198398",[64,65],[72],{"url":114,"sources":115,"tags":116},"https://bugzilla.suse.com/1198399",[64,65],[72],{"url":118,"sources":119,"tags":120},"https://bugzilla.suse.com/1201923",[64,65],[72],{"url":122,"sources":123,"tags":124},"https://bugzilla.suse.com/1203793",[64,65],[72],{"url":126,"sources":127,"tags":128},"https://www.suse.com/security/cve/CVE-2021-32052",[64,65],[129],"WEB",{"url":131,"sources":132,"tags":133},"https://www.suse.com/security/cve/CVE-2021-33203",[64,65],[129],{"url":135,"sources":136,"tags":137},"https://www.suse.com/security/cve/CVE-2021-33571",[64,65],[129],{"url":139,"sources":140,"tags":141},"https://www.suse.com/security/cve/CVE-2021-44420",[64,65],[129],{"url":143,"sources":144,"tags":145},"https://www.suse.com/security/cve/CVE-2021-45115",[64,65],[129],{"url":147,"sources":148,"tags":149},"https://www.suse.com/security/cve/CVE-2021-45116",[64,65],[129],{"url":151,"sources":152,"tags":153},"https://www.suse.com/security/cve/CVE-2021-45452",[64,65],[129],{"url":155,"sources":156,"tags":157},"https://www.suse.com/security/cve/CVE-2022-22818",[64,65],[129],{"url":159,"sources":160,"tags":161},"https://www.suse.com/security/cve/CVE-2022-23833",[64,65],[129],{"url":163,"sources":164,"tags":165},"https://www.suse.com/security/cve/CVE-2022-28346",[64,65],[129],{"url":167,"sources":168,"tags":169},"https://www.suse.com/security/cve/CVE-2022-28347",[64,65],[129],{"url":171,"sources":172,"tags":173},"https://www.suse.com/security/cve/CVE-2022-36359",[64,65],[129],{"url":175,"sources":176,"tags":177},"https://www.suse.com/security/cve/CVE-2022-41323",[64,65],[129],[],[],[],[182,195],{"ecosystem":183,"name":184,"vendor":185,"product":186,"cpe_part":9,"purl_
type":187,"purl_namespace":185,"purl_name":186,"source":9,"versions":188},"openSUSE","python-Django","opensuse","python-Django&distro=openSUSE Leap 15.3","rpm",[189],{"version":190,"is_range":191,"range_type":192,"version_start":9,"version_start_type":9,"version_end":193,"version_end_type":194,"fixed_in":9},"lt2_2_28_bp153_2_3_1",true,"ecosystem","2.2.28-bp153.2.3.1","excluding",{"ecosystem":196,"name":184,"vendor":197,"product":198,"cpe_part":9,"purl_type":187,"purl_namespace":197,"purl_name":198,"source":9,"versions":199},"SUSE Linux Enterprise","suse","python-Django&distro=SUSE Package Hub 15 SP3",[200],{"version":190,"is_range":191,"range_type":192,"version_start":9,"version_start_type":9,"version_end":193,"version_end_type":194,"fixed_in":9}]