OPENSUSE-SU-2024:0251-1
Advisory lineage Upstream: 5 Downstream: 0
Published: 18 Aug 2024, 07:32
Last modified: 04 Feb 2026, 03:08
Vulnerability Summary
- Overall Risk (default): minimal, 0/100
- CVSS Score: No data
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 18 Aug 2024, 07:32: Published (vulnerability first disclosed)
- 04 Feb 2026, 03:08: Last Modified (vulnerability information updated)
Description
Security update for python-Django

This update for python-Django fixes the following issues:

- CVE-2023-23969: Potential denial-of-service via Accept-Language headers (boo#1207565)
- CVE-2024-38875: Potential denial-of-service attack via certain inputs with a very large number of brackets (boo#1227590)
- CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords (boo#1227593)
- CVE-2024-39330: Potential directory traversal in django.core.files.storage.Storage.save() (boo#1227594)
- CVE-2024-39614: Potential denial-of-service through django.utils.translation.get_supported_language_variant() (boo#1227595)
Affected Systems
- opensuse•python-Django&distro=openSUSE Leap 15.5: < 2.2.28-bp155.7.12.1
- suse•python-Django&distro=SUSE Package Hub 15 SP5: < 2.2.28-bp155.7.12.1
References (11)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OU4KXNSFOQVRSGL2OQCMRA3EFMPZEGEU/
- https://bugzilla.suse.com/1207565
- https://bugzilla.suse.com/1227590
- https://bugzilla.suse.com/1227593
- https://bugzilla.suse.com/1227594
- https://bugzilla.suse.com/1227595
- https://www.suse.com/security/cve/CVE-2023-23969
- https://www.suse.com/security/cve/CVE-2024-38875
- https://www.suse.com/security/cve/CVE-2024-39329
- https://www.suse.com/security/cve/CVE-2024-39330
- https://www.suse.com/security/cve/CVE-2024-39614